Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
References
Link | Resource |
---|---|
https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2 | Vendor Advisory |
https://puppet.com/security/cve/cve-2016-2785 | Vendor Advisory |
https://security.gentoo.org/glsa/201606-02 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
09 Sep 2021, 12:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:puppetlabs:puppet:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet:4.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet:4.0.0:rc2:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet:4.2.3:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet:4.4.0:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet_server:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet_server:2.0:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet_server:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet_server:2.1:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet_server:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet:4.4.1:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet:4.3.1:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet_agent:1.4.1:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet:4.3.2:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet:4.3.0:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet_server:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet:4.2.2:*:*:*:*:*:*:* cpe:2.3:a:puppetlabs:puppet_server:2.1.2:*:*:*:*:*:*:* |
cpe:2.3:a:puppet:puppet:4.2.2:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet:4.3.1:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet_server:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet:4.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:puppet:puppet:4.0.0:rc2:*:*:*:*:*:* cpe:2.3:a:puppet:puppet:4.3.0:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet:4.3.2:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet_server:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet_server:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet:4.0.0:rc3:*:*:*:*:*:* cpe:2.3:a:puppet:puppet_server:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet_server:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet:4.2.3:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet_server:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet:4.4.1:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet:4.4.0:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet_agent:1.4.1:*:*:*:*:*:*:* cpe:2.3:a:puppet:puppet_server:2.0.0:*:*:*:*:*:*:* |
References | (CONFIRM) https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2 - Vendor Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201606-02 - Third Party Advisory |
Information
Published : 2016-06-10 15:59
Updated : 2023-12-10 11:46
NVD link : CVE-2016-2785
Mitre link : CVE-2016-2785
CVE.ORG link : CVE-2016-2785
JSON object : View
Products Affected
puppet
- puppet_server
- puppet_agent
- puppet
CWE
CWE-284
Improper Access Control