CVE-2016-2787 - Incorrect Broker Verification in Puppet Communications Protocol
Posted March 14, 2016
Assessed Risk Level: Medium
The Puppet Communications Protocol incorrectly validates certificates for the broker node. This allows non-whitelisted hosts to prevent the Puppet Communications Protocol from triggering runs.
Status:
Affected Software Versions:
Puppet Enterprise 2015.3.x prior to 2015.3.3
Resolved in:
Puppet Enterprise 2015.3.3
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.