Issue #19456 has been updated by Matthaus Owens. Private changed from Yes to No
---------------------------------------- Bug #19456: Remote code execution on the puppet master and kick-enabled agents (2.6.x only) https://projects.puppetlabs.com/issues/19456#change-88951 * Author: Josh Cooper * Status: Closed * Priority: Normal * Assignee: * Category: * Target version: 2.6.18 * Affected Puppet version: 2.6.0 * Keywords: * Branch: ---------------------------------------- A bug in Puppet allows an authenticated client to execute arbitrary code on the puppet master in its default configuration. Given a valid certificate and private key, a client can construct an HTTP PUT request that is authorized to save the client's report, but the request will actually cause the puppet master to execute arbitrary code. This only affects 2.6.x. This issue is related to #19392 -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
