PT-2017-8751 · Puppet · Puppet Enterprise
Published
2017-08-09
·
Updated
2019-07-10
·
CVE-2016-5716
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Puppet Enterprise versions 2015.x through 2016.3.x
Description
The issue concerns unsafe string reads in the console of Puppet Enterprise, potentially allowing for remote code execution on the console node.
Recommendations
For Puppet Enterprise versions 2015.x through 2016.3.x, update to version 2016.4.0 or later to resolve the issue.
Fix
RCE
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Puppet Enterprise