Overview

CVE-2016-5714 - Unprivileged Access to Environment Catalogs

Posted October 20, 2016
Assessed Risk Level: Medium
CVSS 3 Base Score: 5.3

In versions of Puppet Enterprise prior to 2016.4.0 there was unauthenticated access to the environment catalogs which may reveal sensitive information about your infrastructure if you are using Application Orchestration. This has been resolved in PE 2016.4.0.

Status:

Affected Software Versions:

Puppet Agent prior to 1.7.0
Puppet Enterprise 2015.3.x
Puppet Enterprise 2016.x prior to 2016.4.0

Resolved in:

Puppet Agent 1.7.0
Puppet Enterprise 2016.4.0

Overview

CVE-2016-5714 - Unprivileged Access to Environment Catalogs

Posted October 20, 2016

Assessed Risk Level: Medium

CVSS 3 Base Score: 5.3

Status: