CVE-2013-2274 Information

Description

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master or an agent with puppet kick enabled via a crafted request for a report.

Reference

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html http://rhn.redhat.com/errata/RHSA-2013-0710.html http://secunia.com/advisories/52596 http://www.debian.org/security/2013/dsa-2643 http://www.securityfocus.com/bid/58447 https://puppetlabs.com/security/cve/cve-2013-2274/