CVE-2013-1655 (Unauthenticated Remote Code Execution Vulnerability)

  • Posted March 12, 2013

  • A vulnerability found in Puppet could allow unauthenticated clients to send requests to the puppet master which would cause it to load code unsafely. While there are no reported exploits, this vulnerability could cause issues like those described in Rails CVE-2013-0156. This vulnerability only affects puppet masters running Ruby 1.9.3 and higher.


    • Resolved in Puppet 2.7.21, 3.1.1