7.2
CVE-2016-5714
- EPSS 1.01%
- Veröffentlicht 18.10.2017 18:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginPuppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Puppet ≫ Puppet Enterprise Version2015.3.3
Puppet ≫ Puppet Enterprise Version2016.1.1
Puppet ≫ Puppet Enterprise Version2016.1.2
Puppet ≫ Puppet Enterprise Version2016.2.0
Puppet ≫ Puppet Enterprise Version2016.2.1
Puppet ≫ Puppet Agent Version >= 1.3.6 <= 1.7.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.01% | 0.761 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.