Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.
                
            References
                    | Link | Resource | 
|---|---|
| http://puppetlabs.com/security/cve/cve-2013-4967 | Vendor Advisory | 
| http://puppetlabs.com/security/cve/cve-2013-4967 | Vendor Advisory | 
Configurations
                    Configuration 1 (hide)
| 
 | 
History
                    No history.
Information
                Published : 2013-08-20 22:55
Updated : 2025-04-11 00:51
NVD link : CVE-2013-4967
Mitre link : CVE-2013-4967
CVE.ORG link : CVE-2013-4967
JSON object : View
Products Affected
                puppet
- puppet_enterprise
CWE
                
                    
                        
                        CWE-255
                        
            Credentials Management Errors
