3 matches found
CVE-2016-5715
CVE-2016-5715 affects Puppet Enterprise Console: open redirect in the login redirect parameter on Puppet Enterprise 2015.x and 2016.x before 2016.4.0. Root cause described as an incomplete fix for CVE-2015-6501. Impact: attackers can lure users to arbitrary sites via a crafted //domain URL. The v...
CVE-2016-9686
CVE-2016-9686 affects the Puppet Communications Protocol (PCP) Broker in Puppet Enterprise. The root cause is incorrect validation of message header sizes, allowing an attacker to crash the PCP Broker and prevent commands from reaching agents, resulting in a partial availability impact. The vulne...
CVE-2018-6513
The vulnerability CVE-2018-6513 affects Puppet Enterprise and Puppet Agent: unprivileged Windows agents can write custom facts due to loading shared libraries from untrusted paths, enabling privilege escalation on the next puppet run. Affected: Puppet Enterprise 2016.4.x before 2016.4.12, 2017.3....