25 matches found
Puppet Labs Facter allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...
puppet -- multiple vulnerabilities
Puppet Labs reports: By using the resourcetype service, an attacker could cause puppet to load arbitrary Ruby files from the puppet master node's file system. While this behavior is not enabled by default, auth.conf settings could be modified to allow it. The exploit requires local file system...
Puppet Labs Puppet Enterprise Server Detection
Binary data 6881.prm...
Code injection
Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file casclientconfig.yml when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie...
Fedora 17 : puppet-2.7.21-2.fc17 (2013-4187)
Updates for the security announcements from Puppet Labs on 12-Mar-2013. https://groups.google.com/group/puppet-announce/t/9200f268f8479e2c This update also provides backported fixes for a number of issues with ruby-1.9. Note that Tenable Network Security has extracted the preceding description...