CVE-2016-5715: Open Redirect in Puppet Enterprise

CWE-601: Open Redirect (4 documents, 4 sources)
Severity: 6.1 MEDIUM (NVD)
EPSS: 0.7% (top 28.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 12; Latest update May 13

Description

Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6501.
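A redirect-parameter check that closes the `//` case described above, shown next to a constructed incomplete check for comparison. This is an added example, not Puppet's code or its fix; the function names and `DEFAULT_LANDING` are hypothetical, and the sample values are constructed.

```python
from urllib.parse import urlsplit

# Hypothetical console path used when the requested target is rejected.
DEFAULT_LANDING = "/"


def naive_is_safe(target: str) -> bool:
    """Constructed example of an incomplete check: blocks only 'scheme://' URLs."""
    return "://" not in target


def is_safe_redirect(target: str) -> bool:
    """Accept only a path on the current site, e.g. '/nodes?page=2'."""
    if not target or not target.startswith("/"):
        return False
    # Browsers strip tab, CR and LF while parsing URLs, so reject control characters.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat '\' as '/', so '/\host' behaves like '//host'.
    normalized = target.replace("\\", "/")
    if normalized.startswith("//"):
        return False  # protocol-relative: '//host' names another site
    parts = urlsplit(normalized)
    return parts.scheme == "" and parts.netloc == ""


def redirect_location(target: str) -> str:
    """Value for the Location header: the target if safe, else the default."""
    return target if is_safe_redirect(target) else DEFAULT_LANDING


if __name__ == "__main__":
    # Constructed sample values for a redirect parameter.
    for sample in ["/nodes?page=2", "//example.org/login", "/\\example.org",
                   "https://example.org/", "/\t/example.org", ""]:
        print(f"{sample!r:28} naive={naive_is_safe(sample)!s:5} "
              f"-> {redirect_location(sample)!r}")
```
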

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (1 package)

NVD: puppet/puppet_enterprise 2015.2.0, 2015.3.3, +1

🔴 Vulnerability Details (2)

[GHSA] GHSA-vgm7-rcgw-qc8p: Open redirect vulnerability in the Console in Puppet Enterprise 2015 (2022-05-13)
[CVEList] CVE-2016-5715: Open redirect vulnerability in the Console in Puppet Enterprise 2015 (2017-01-12)

📋 Vendor Advisories (1)

[Debian] CVE-2016-5715: puppet - Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.... (2016)