CVE-2013-4967 (External Node Classifiers Allowed Clear Text Database Password Query)

  • Posted August 15, 2013

  • Severity: High

In Puppet Enterprise 3.0.0, the database password was seeded as a console parameter, and the dashboard did not restrict access to the `/nodes` endpoint. As a result, any node or attacker could retrieve the database password in clear text.
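The audit below is an added example, not code from Puppet or from this advisory: it scans classification data in the YAML shape that external node classifiers return (`classes` and `parameters` keys) and reports parameters whose names suggest a credential. The name pattern, the helper names and the sample document are assumptions constructed for illustration.

```ruby
require 'yaml'

# Heuristic for credential-like key names (assumed pattern; tune per site).
SECRET_NAME = /passw(or)?d|passphrase|secret|token|api_?key|private_?key/i

# Constructed sample of ENC-style output; the parameter name is hypothetical.
SAMPLE_ENC = <<~YAML
  ---
  classes:
    ntp:
      servers:
        - 0.pool.example.test
  parameters:
    site_role: webserver
    example_database_password: "constructed-not-a-real-secret"
  environment: production
YAML

# Walk nested hashes/arrays and call the block with [path, value] per leaf.
def each_leaf(value, path, &block)
  case value
  when Hash  then value.each { |k, v| each_leaf(v, path + [k.to_s], &block) }
  when Array then value.each_with_index { |v, i| each_leaf(v, path + [i.to_s], &block) }
  else block.call(path, value)
  end
end

# Return dotted paths of non-empty values stored under credential-like keys.
# Values are never returned, so the report itself does not leak the secret.
def secret_paths(enc_yaml)
  doc = YAML.safe_load(enc_yaml) || {}
  return [] unless doc.is_a?(Hash)
  findings = []
  %w[parameters classes].each do |section|
    each_leaf(doc[section], [section]) do |path, value|
      next if value.nil? || value.to_s.empty?
      # Judge by the nearest real key name, skipping array indexes.
      name = path.reverse.find { |part| part !~ /\A\d+\z/ }
      findings << path.join('.') if name.match?(SECRET_NAME)
    end
  end
  findings
end

puts secret_paths(SAMPLE_ENC) if __FILE__ == $PROGRAM_NAME
```

Any path it reports is data that every consumer of the classification output can read, so the value belongs in a store with its own access control rather than in node parameters.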


  • Affected Versions: Puppet Enterprise 3.0.0
  • Resolved in Puppet Enterprise 3.0.1