CVE-2016-2785
Description
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.17
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-2785 are affected in Puppet Agent (x64) 1.4.1 | Windows |
| Vulnerabilities CVE-2016-2785 are affected in Puppet Agent 1.4.1 | Windows |
| Vulnerabilities CVE-2016-2785 are fixed in Ruby-puppet 4.4.2 | Windows |
| Vulnerabilities CVE-2016-2785 are fixed in Ruby-puppet for Linux 4.4.2 | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-342464 | Puppet Agent (x64) (8.10.0) |
| PATCH-342463 | Puppet Agent (8.10.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234