CVE-2016-2787 - Incorrect Broker Verification in Puppet Communications Protocol

  • Posted March 14, 2016

  • Assessed Risk Level: Medium

The Puppet Communications Protocol incorrectly validates certificates for the broker node. This allows non-whitelisted hosts to prevent the Puppet Communications Protocol from triggering runs.


Affected Software Versions:

  • Puppet Enterprise 2015.3.x prior to 2015.3.3

Resolved in:

  • Puppet Enterprise 2015.3.3
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.