CVE-2016-5716: Use of Externally-Controlled Format String in Enterprise

Severity: 8.8 HIGH (NVD)
EPSS: 2.3% (top 15.15%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 9
Latest update: May 14

Description

The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allow for remote code execution on the console node.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: puppet/puppet_enterprise, PE < 2016.4.0
NVD: puppet/puppet_enterprise, 12 versions

🔴 Vulnerability Details (2)

GHSA
GHSA-3mf2-j3p3-w43q: The console in Puppet Enterprise 2015 (2022-05-14)
CVEList
CVE-2016-5716: The console in Puppet Enterprise 2015 (2017-08-09)

📋 Vendor Advisories (1)

Debian
CVE-2016-5716: puppet - The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes un... (2016)