The host is installed with Puppet 2.x before 2.6.18, 2.7.x before 2.7.21, 3.1.x before 3.1.1 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to handle the default configuration for puppet masters. Successful exploitation allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.