CVE-2013-4966 (Master external node classification script vulnerable to console impersonation)

  • Posted March 4, 2014

  • Assessed Risk Level: Medium

The script that the PE master used to contact the PE console for node classification did not verify the identity of the console. This introduced a vulnerability in which an attacker could impersonate the console and submit malicious classification to the master.


  • Affected Versions: Puppet Enterprise 3.x
  • Resolved in Puppet Enterprise 3.2.0