7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:S/C:C/I:C/A:C
0.014 Low
EPSS
Percentile
86.6%
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and
Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for
incoming connections is enabled and allowing access to the “run” REST
endpoint is allowed, allows remote authenticated users to execute arbitrary
code via a crafted HTTP request.