CVE-2013-1653 (retired)

Priority
Description
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and
Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for
incoming connections is enabled and allowing access to the "run" REST
endpoint is allowed, allows remote authenticated users to execute arbitrary
code via a crafted HTTP request.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (2.7.21, 3.1.1)
More Information

Updated: 2019-10-09 07:45:01 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)