CVE-2016-5714 (retired)

Priority
Description
Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent
1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist
protection mechanism and execute arbitrary code on Puppet nodes via vectors
related to command validation, aka "Puppet Execution Protocol (PXP) Command
Whitelist Validation Vulnerability."
Notes
ratliffUpstream says "Default configurations of FOSS Puppet Agent are not vulnerable."
Package
Upstream:not-affected
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
More Information

Updated: 2019-10-09 07:56:56 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)