When handling REST API calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted so that deserialization constructs an instance of any class available in the Ruby process, which allows an attacker to execute code contained in the payload.
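The deserialization flaw described above, shown from the defender's side: this is an added Ruby example, not Puppet's code, contrasting the full-object YAML load with Psych's `safe_load`, which refuses to instantiate classes that are not explicitly permitted. The `AuditRecord` class, the two documents and the helper names are constructed for illustration.

```ruby
require 'yaml'

# Constructed example class standing in for any class already loaded in the process.
class AuditRecord
  attr_reader :note

  def initialize(note = nil)
    @note = note
  end
end

# Constructed untrusted document: the !ruby/object tag asks the loader to
# build an AuditRecord instead of a plain Hash.
UNTRUSTED_DOC = <<~YAML
  --- !ruby/object:AuditRecord
  note: constructed
YAML

# Constructed benign document of the kind a client would legitimately send.
BENIGN_DOC = <<~YAML
  ---
  host: agent01.example
  facts:
    os: linux
YAML

# The vulnerable pattern: full object deserialization of untrusted input.
# Ruby 3.1+/Psych 4 moved this behaviour to YAML.unsafe_load; older releases
# expose it as YAML.load, so both are handled here.
def unsafe_parse(doc)
  if YAML.respond_to?(:unsafe_load)
    YAML.unsafe_load(doc)
  else
    YAML.load(doc)
  end
end

# Hardened variant: only scalars, arrays and hashes are accepted, so any
# attempt to instantiate a class is refused with Psych::DisallowedClass.
def safe_parse(doc)
  YAML.safe_load(doc)
rescue Psych::DisallowedClass
  :rejected
end

# When a protocol genuinely needs a handful of types, list them explicitly
# (permitted_classes keyword, Psych 3.1+) instead of opening the whole object graph.
def safe_parse_allowing(doc, classes)
  YAML.safe_load(doc, permitted_classes: classes)
rescue Psych::DisallowedClass
  :rejected
end

if $PROGRAM_NAME == __FILE__
  puts "unsafe: #{unsafe_parse(UNTRUSTED_DOC).class}"   # AuditRecord
  puts "safe:   #{safe_parse(UNTRUSTED_DOC).inspect}"    # :rejected
  puts "benign: #{safe_parse(BENIGN_DOC).inspect}"
end
```

The benign document parses identically under both helpers; only the tagged document differs, which is the check to run against any endpoint that accepts YAML from clients: if the loader returns an object of a class the caller never asked for, the endpoint is exposed.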
External Reference: http://puppetlabs.com/security/cve/cve-2013-3567/
Created puppet tracking bugs for this issue:
Affects: fedora-all [bug 975814]
Affects: epel-all [bug 975816]
The Red Hat Security Response Team has rated this issue as having moderate security impact in CloudForms 1.1. This issue is not currently planned to be addressed in future updates.
Acknowledgements: Red Hat would like to thank Puppet Labs for reporting this issue. Upstream acknowledges Ben Murphy as the original reporter.
This issue has been addressed in the following products: OpenStack 3 for RHEL 6, via RHSA-2013:1283 https://rhn.redhat.com/errata/RHSA-2013-1283.html
This issue has been addressed in the following products: OpenStack 3 for RHEL 6, via RHSA-2013:1284 https://rhn.redhat.com/errata/RHSA-2013-1284.html