PT-2017-8260 · Puppet · Puppet Enterprise

Published

2017-02-13

Updated

2019-07-10

CVE-2016-2787

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Puppet Enterprise versions 2015.3.x through 2015.3.2

Description The issue is related to the Puppet Communications Protocol, which does not properly validate certificates for the broker node. This allows remote non-whitelisted hosts to prevent runs from triggering.

Recommendations For Puppet Enterprise versions 2015.3.x through 2015.3.2, update to version 2015.3.3 to resolve the issue.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2016-2787

Affected Products

Puppet Enterprise

PT-2017-8260 · Puppet · Puppet Enterprise

CVE-2016-2787

Weakness Enumeration

Related Identifiers

Affected Products

References · 3