Arbitrary Code Execution Through REST API Call

2019-01-1508:59:44

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

CPENameOperatorVersion
puppeteq2.6.17__2.el6ost
puppeteq2.6.14__1.el6
puppeteq2.6.11__1.el6_1
puppeteq2.6.18__1.el6ost
puppeteq2.6.17__2.el6cf
ruby-augeaseq0.3.0__1.el6
factereq1.5.9__1.el6

Name	Operator	Version
puppet	eq	2.6.17__2.el6ost
puppet	eq	2.6.14__1.el6
puppet	eq	2.6.11__1.el6_1
puppet	eq	2.6.18__1.el6ost
puppet	eq	2.6.17__2.el6cf
ruby-augeas	eq	0.3.0__1.el6
facter	eq	1.5.9__1.el6