Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-03-20T16:00:00

Updated: 2024-08-06T15:13:32.279Z

Reserved: 2013-02-11T00:00:00

Link: CVE-2013-1653

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-03-20T16:55:01.770

Modified: 2024-11-21T01:50:05.207

Link: CVE-2013-1653

cve-icon Redhat

No data.