NVD

Id
18773  
Name
CVE-2016-2785  
Description
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2016-06-10  
Modified Date
2016-06-14  
Seq
2016-2785  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
103843 18773 CVE-2016-2785 https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2  View
103844 18773 CVE-2016-2785 https://puppet.com/security/cve/cve-2016-2785  View
103845 18773 CVE-2016-2785 GLSA-201606-02  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
2374 JVNDB-2016-003147 Puppet Server および Puppet ならびに Puppet Agent の Ruby puppetmaster における auth.conf へのアクセス制限を回避される脆弱性 Puppet Server および Puppet ならびに Puppet Agent の Ruby puppetmaster には、auth.conf へのアクセス制限を回避される脆弱性が存在します。 CVE-2016-2785 89291 CVE-2016-2785 18773 7.5 9.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-003147.html 2016-04-26 2016-06-16 View