Issue #13518 has been updated by Matthaus Litteken. Private changed from Yes to No
---------------------------------------- Bug #13518: file bucket request can execute arbitrary commands as puppet master https://projects.puppetlabs.com/issues/13518#change-60332 Author: Patrick Carlisle Status: Closed Priority: Immediate Assignee: Andrew Parker Category: security Target version: 2.7.13 Affected Puppet version: 2.6.0 Keywords: security Branch: This requires access to the cert on the agent and an unprivileged account on the master. By creating a path on the master in a world-writable location that matches a command string, one can then make a file bucket request to execute that command. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
