7.2 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
79.1%
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2
puppet.com/security/cve/cve-2016-2785
security.gentoo.org/glsa/201606-02