CVE-2013-4967

Overview

CVE-2013-4967 (External Node Classifiers Allowed Clear Text Database Password Query)

  • Posted August 15, 2013

  • Severity: High

Because the database password was seeded as a console parameter, and because the dashboard did not restrict access to the `/nodes` endpoint, any node or attacker could retrieve the database password in clear text.
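A defensive check for this class of exposure, as an added example that is not part of the advisory or of Puppet's code: it scans external node classifier output (YAML with `classes` and `parameters` keys) for values whose key names look like credentials. The key-name pattern and the sample parameter names are assumptions; the advisory does not name the affected parameter.

```ruby
require 'yaml'

# Key names that suggest a credential (heuristic; an assumption of this example).
SECRET_KEY = /pass(word|wd)?|secret|token|api_?key/i

# Walk nested Hash/Array data and collect the dotted path of every scalar
# value whose key looks like a credential. Values are never returned.
def walk(obj, path, hits)
  case obj
  when Hash
    obj.each do |key, value|
      here = path + [key.to_s]
      if value.is_a?(Hash) || value.is_a?(Array)
        walk(value, here, hits)
      elsif key.to_s =~ SECRET_KEY && !value.to_s.empty?
        hits << here.join('.')
      end
    end
  when Array
    obj.each_with_index { |v, i| walk(v, path + [i.to_s], hits) }
  end
  hits
end

# Audit one ENC YAML document: top-scope "parameters" and per-class
# parameters under "classes" are both delivered to the node, so check both.
def audit_enc(yaml_text)
  doc = YAML.safe_load(yaml_text) || {}
  hits = []
  walk(doc['parameters'], ['parameters'], hits)
  walk(doc['classes'], ['classes'], hits)
  hits
end

# Constructed sample, not taken from a real Puppet Enterprise installation.
SAMPLE_ENC = <<~YAML
  classes:
    ntp:
      servers:
        - 0.pool.example.test
    example_db:
      db_password: "constructed-value"
  parameters:
    example_database_password: "constructed-value"
    datacenter: "lab"
  environment: production
YAML

puts audit_enc(SAMPLE_ENC) if __FILE__ == $PROGRAM_NAME
```

Any path it reports is a value that classification would hand out in clear text and is a candidate for moving out of node parameters.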

Status

  • Resolved in Puppet Enterprise 3.0.1