CVE-2016-5716

The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
puppetCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
puppetpuppet_enterprise
2015.2.0
puppetpuppet_enterprise
2015.2.1
puppetpuppet_enterprise
2015.2.2
puppetpuppet_enterprise
2015.2.3
puppetpuppet_enterprise
2015.3.0
puppetpuppet_enterprise
2015.3.1
puppetpuppet_enterprise
2015.3.2
puppetpuppet_enterprise
2015.3.3
puppetpuppet_enterprise
2016.1.1
puppetpuppet_enterprise
2016.1.2
puppetpuppet_enterprise
2016.2.0
puppetpuppet_enterprise
2016.2.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
puppet
bullseye
5.5.22-2
fixed
Common Weakness Enumeration
References
https://puppet.com/security/cve/pe-console-oct-2016
https://puppet.com/security/cve/pe-console-oct-2016