PT-2017-1213 · Puppet · Puppet Enterprise
Published
2017-01-12
·
Updated
2026-05-13
·
CVE-2016-5715
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Puppet Enterprise versions 2015.x through 2016.x before 2016.4.0
Description
The issue is related to an open redirect vulnerability in the Console component. This vulnerability allows remote attackers to redirect users to arbitrary web sites by including a // (slash slash) followed by a domain in the
redirect parameter, potentially leading to phishing attacks.Recommendations
For Puppet Enterprise versions 2015.x through 2016.x before 2016.4.0, update to version 2016.4.0 or later to resolve the issue.
Exploit
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Puppet Enterprise