Posted March 4, 2014
Assessed Risk Level: Medium
The script that the PE master used to contact the PE console for node classification did not verify the identity of the console. This introduced a vulnerability in which an attacker could impersonate the console and submit malicious classification to the master.
- Affected Versions: Puppet Enterprise 3.x
- Resolved in Puppet Enterprise 3.2.0