AI Score: 6.9 (Medium), Confidence: Low
EPSS: 0.006 (Low), Percentile: 79.1%
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
github.com/puppetlabs/puppet
github.com/puppetlabs/puppet/commit/6592a8166572e5f1b7d058474059b8519ec81387
github.com/puppetlabs/puppet/commits/4.4.2
nvd.nist.gov/vuln/detail/CVE-2016-2785
puppet.com/security/cve/cve-2016-2785
security.gentoo.org/glsa/201606-02