The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #13518

Updated by Matthaus Owens over 2 years ago

This requires access to the cert on the agent and an unprivileged account on the master.

By creating a path on the master in a world-writable location that matches a command string, one can then make a file bucket request to execute that command.
Zero day goes here

Back