CVE-2016-5714

Опубликовано: 18 окт. 2017

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability."

Ссылки

https://bugs.gentoo.org/597684
Issue Tracking
Third Party Advisory
https://puppet.com/security/cve/cve-2016-5714
Vendor Advisory
https://puppet.com/security/cve/pxp-agent-oct-2016
Issue Tracking
Vendor Advisory
https://security.gentoo.org/glsa/201710-12
Third Party Advisory
https://bugs.gentoo.org/597684
Issue Tracking
Third Party Advisory
https://puppet.com/security/cve/cve-2016-5714
Vendor Advisory
https://puppet.com/security/cve/pxp-agent-oct-2016
Issue Tracking
Vendor Advisory
https://security.gentoo.org/glsa/201710-12
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*

cpe:2.3:a:puppet:puppet_enterprise:2016.1.1:*:*:*:*:*:*:*

cpe:2.3:a:puppet:puppet_enterprise:2016.1.2:*:*:*:*:*:*:*

cpe:2.3:a:puppet:puppet_enterprise:2016.2.0:*:*:*:*:*:*:*

cpe:2.3:a:puppet:puppet_enterprise:2016.2.1:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*

Версия от 1.3.6 (включая) до 1.7.0 (включая)

EPSS

Процентиль: 77%

0.0101

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

CVE-2016-5714

CVSS3: 7.2

ubuntu

больше 8 лет назад

CVE-2016-5714

CVSS3: 7.2

debian

больше 8 лет назад

Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agen ...

GHSA-4h9c-3928-3w6h

CVSS3: 7.2

github

больше 3 лет назад

EPSS

Процентиль: 77%

0.0101

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-284