Please sign in to comment.
(#19531) (CVE-2013-2275) Only allow report save from the node matchin…
…g the certname Without this patch applied any authenticated client is able to save a report for any node by default. This is a problem because the compliance feature of Puppet Enterprise expects reports to be submitted only from the node the report is associated with. This patch addresses the problem by restricting the access control rules in a similar manner to the catalog. With this patch applied, the default behavior of the Puppet master will only allow reports to be saved when the node name matches the cert name.
- Loading branch information...
Showing with 16 additions and 4 deletions.