CVE-2013-4967 (External Node Classifiers Allowed Clear Text Database Password Query)
Posted August 15, 2013
In Puppet Enterprise 3.0.0, because the database password was seeded as a console parameter, and because the dashboard did not restrict access to the `/nodes` end point, any node or attacker had the ability to retrieve the database password in clear text.
- Affected Versions: Puppet Enterprise 3.0.0
- Resolved in Puppet Enterprise 3.0.1