Details
- Bug
- Status: Closed
- Critical
- Resolution: Fixed
- Agent
- 3
- CVE-2017-2295
- Agent 2017-05-03
- Security Fix
- An authenticated agent could make a catalog request with facts encoded in YAML. The puppetmaster/server did not properly validate and reject the request, resulting in the server loading arbitrary objects, which could lead to remote code execution.
- Automate
- Security risk, but easily tested
Description
The compiler extracts facts from the POST body and deserializes them using whatever format the request specifies. As a result, an attacker holding a valid agent certificate can cause the master to call YAML.load on attacker-supplied input.
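The following is an added illustration of the pattern this issue describes and of the mitigation its summary calls for (validate and reject); it is constructed for this page and is not Puppet's own code. The function names, the `ALLOWED_FACTS_FORMATS` list and the sample inputs are assumptions.

```ruby
require 'json'
require 'yaml'

# Constructed illustration of the flaw in CVE-2017-2295, not Puppet's own code:
# the server must not let the client choose a deserializer for its facts.
class UnsupportedFactsFormat < StandardError; end

# Vulnerable pattern: the format named in the request selects the parser, and
# YAML.load is a full object deserializer, so attacker-controlled YAML can
# instantiate arbitrary Ruby objects on the master.
def extract_facts_vulnerable(format, body)
  case format
  when 'json' then JSON.parse(body)
  when 'yaml' then YAML.load(body) # unsafe on untrusted input
  else raise UnsupportedFactsFormat, "unknown facts format #{format.inspect}"
  end
end

# Hardened pattern: the server fixes the accepted format list itself and only
# uses a parser that yields plain data (hashes, arrays, strings, numbers).
ALLOWED_FACTS_FORMATS = %w[json].freeze

def extract_facts_hardened(format, body)
  unless ALLOWED_FACTS_FORMATS.include?(format)
    raise UnsupportedFactsFormat, "facts format #{format.inspect} is rejected"
  end
  facts = JSON.parse(body)
  raise UnsupportedFactsFormat, 'facts must be a JSON object' unless facts.is_a?(Hash)
  facts
end

# Defence in depth if YAML really has to be accepted: safe_load refuses any
# document that asks for a class outside the basic scalar/collection types.
def parse_facts_yaml_safely(body)
  facts = YAML.safe_load(body)
  raise UnsupportedFactsFormat, 'facts must be a YAML mapping' unless facts.is_a?(Hash)
  facts
rescue Psych::DisallowedClass => e
  raise UnsupportedFactsFormat, "object tags are not allowed in facts (#{e.message})"
end
```

On Psych 4 (Ruby 3.1 and later) YAML.load itself defaults to safe loading, but on the Ruby versions in use when this issue was filed it did not, which is why the format allowlist, not the parser's defaults, is the control to rely on.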