Description
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat CloudForms Tools 1 | puppet | Will not fix |  |  |
| Red Hat Enterprise MRG 1 | puppet | Under investigation |  |  |
| Red Hat OpenStack Platform 2.1 | puppet | Will not fix |  |  |
| Red Hat OpenStack Platform 4 | puppet | Affected |  |  |
| Red Hat Subscription Asset Manager | puppet | Affected |  |  |
| OpenStack 3 for RHEL 6 | facter | Fixed | RHSA-2013:1283 | 24.09.2013 |
| OpenStack 3 for RHEL 6 | hiera | Fixed | RHSA-2013:1283 | 24.09.2013 |
| OpenStack 3 for RHEL 6 | puppet | Fixed | RHSA-2013:1283 | 24.09.2013 |
| OpenStack 3 for RHEL 6 | ruby-augeas | Fixed | RHSA-2013:1283 | 24.09.2013 |
| OpenStack 3 for RHEL 6 | ruby-shadow | Fixed | RHSA-2013:1283 | 24.09.2013 |
Additional information
Status:
7.5 High
CVSS2
Related vulnerabilities
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterpri ...
7.5 High
CVSS2