CVE-2016-2787
published 2017-02-13CVE-2016-2787: The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows…
medium5.3CVSS 3.0
AVNACLPRNUINSUCNINAL
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet | — | — |
| puppet | puppet_enterprise | — | — |
| puppetlabs | puppet_enterprise | — | — |