CVE-2016-2785

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
puppetpuppet
4.0.0
puppetpuppet
4.0.0:rc1
puppetpuppet
4.0.0:rc2
puppetpuppet
4.0.0:rc3
puppetpuppet
4.1.0
puppetpuppet
4.2.0
puppetpuppet
4.2.1
puppetpuppet
4.2.2
puppetpuppet
4.2.3
puppetpuppet
4.3.0
puppetpuppet
4.3.1
puppetpuppet
4.3.2
puppetpuppet
4.4.0
puppetpuppet
4.4.1
puppetpuppet_server
2.0.0
puppetpuppet_server
2.1.0
puppetpuppet_server
2.1.1
puppetpuppet_server
2.1.2
puppetpuppet_server
2.2.0
puppetpuppet_server
2.3.0
puppetpuppet_server
2.3.1
puppetpuppet_agent
1.4.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
puppet
bullseye
5.5.22-2
fixed
puppetserver
bookworm
7.9.5-2
fixed
sid
8.4.0-7
fixed
trixie
8.4.0-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
puppet
xenial
not-affected
wily
not-affected
trusty
not-affected
precise
not-affected
Common Weakness Enumeration
References
https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2
https://puppet.com/security/cve/cve-2016-2785
https://security.gentoo.org/glsa/201606-02
https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2
https://puppet.com/security/cve/cve-2016-2785
https://security.gentoo.org/glsa/201606-02