CVE-2013-4956 (Puppet Module Permissions Vulnerability)

  • Posted August 15, 2013

  • Assessed Risk Level: Low

Puppet Module Tool (PMT) did not correctly control permissions of modules it installed, instead transferring permissions that existed when the module was built.


  • Affected Versions: Puppet 2.7.14 and later, 3.x | Puppet Enterprise 2.5 and later, 3.0.0
  • Resolved in Puppet 2.7.23 and 3.2.4
  • Resolved in Puppet Enterprise 2.8.3 and 3.0.1
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.