Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-2785

Опубликовано: 10 июн. 2016
Источник: debian

Описание

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
puppetnot-affectedpackage
puppetservernot-affectedpackage

Примечания

  • https://puppet.com/security/cve/cve-2016-2785

  • https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2

Связанные уязвимости

ubuntu логотип

CVE-2016-2785

CVSS3: 9.8
ubuntu
больше 9 лет назад

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.

redhat логотип

CVE-2016-2785

redhat
почти 10 лет назад

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.

nvd логотип

CVE-2016-2785

CVSS3: 9.8
nvd
больше 9 лет назад

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.

github логотип

GHSA-pqj5-7r86-64fv

CVSS3: 9.8
github
больше 3 лет назад

Puppet Improper Access Control