Overview

CVE-2016-5713 - Environment Leakage in pxp-module-puppet

  • Posted August 11, 2016

  • Assessed Risk Level: Low

  • CVSS 3 Base Score: 2.5

Previous versions of Puppet Agent included a version of the Puppet Execution Protocol Agent allowed environment variables to be passed through to Puppet runs. This could allow unauthorized code to be loaded.

Status:

Affected Software Versions:

  • Puppet Agent 1.3.0 - 1.5.x

Resolved in:

  • Puppet Agent 1.6.0