CVE-2016-2785
CRITICAL 9.8 · EPSS 0.17% · Puppet Improper Access Control
Published: 2022/5/13 · Modified: 2024/2/16
Description
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
Affected packages (1)
- RubyGems/puppet: >= 4.0.0, < 4.4.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2016-2785
- PATCH: https://github.com/puppetlabs/puppet
- WEB: https://github.com/puppetlabs/puppet/commit/6592a8166572e5f1b7d058474059b8519ec81387
- WEB: https://github.com/puppetlabs/puppet/commits/4.4.2
- WEB: https://puppet.com/security/cve/cve-2016-2785
- WEB: https://security.gentoo.org/glsa/201606-02