N/A

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.

N/A

N/A

Puppet Enterprise 安全漏洞

Puppet是美国Puppet实验室的一套基于客户端/服务器（C/S）架构的配置管理工具，它可用于管理配置文件、用户、cron任务、软件包、系统服务等。Puppet Enterprise是一个企业版。 Puppet Enterprise 2017.3.3之前的2017.3.x版本中存在远程代码执行漏洞。远程攻击者可借助特制的字符串利用该漏洞执行代码。

N/A

N/A