CVSS 3 Base Score:

Posted On:

Assessed Risk Level:

A vulnerability found in Puppet could allow unauthenticated clients to send requests to the puppet master which would cause it to load code unsafely. While there are no reported exploits, this vulnerability could cause issues like those described in Rails CVE-2013-0156. This vulnerability only affects puppet masters running Ruby 1.9.3 and higher.


Affected software versions:Resolved in:
  • Resolved in Puppet 2.7.21, 3.1.1