CVE-2016-5716

Published: Aug 9, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.

Affected (12)

Products: Puppet: Puppet Enterprise

Puppet

1 product

Puppet Enterprise

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet Enterprise	Version 2015.2.0
Puppet Puppet Enterprise	Version 2015.2.1
Puppet Puppet Enterprise	Version 2015.2.2
Puppet Puppet Enterprise	Version 2015.2.3
Puppet Puppet Enterprise	Version 2015.3.0
Puppet Puppet Enterprise	Version 2015.3.1
Puppet Puppet Enterprise	Version 2015.3.2
Puppet Puppet Enterprise	Version 2015.3.3
Puppet Puppet Enterprise	Version 2016.1.1
Puppet Puppet Enterprise	Version 2016.1.2
Puppet Puppet Enterprise	Version 2016.2.0
Puppet Puppet Enterprise	Version 2016.2.1

Related CWEs

CWE-134

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (2)

https://puppet.com/security/cve/pe-console-oct-2016

Source: security@puppet.com

Vendor Advisory

https://puppet.com/security/cve/pe-console-oct-2016

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.