Overview

CVE-2016-5714 - Unprivileged Access to Environment Catalogs

  • Posted October 20, 2016

  • Assessed Risk Level: Medium

  • CVSS 3 Base Score: 5.3

In versions of Puppet Enterprise prior to 2016.4.0 there was unauthenticated access to the environment catalogs which may reveal sensitive information about your infrastructure if you are using Application Orchestration. This has been resolved in PE 2016.4.0.

Status:

Affected Software Versions:

  • Puppet Agent prior to 1.7.0
  • Puppet Enterprise 2015.3.x
  • Puppet Enterprise 2016.x prior to 2016.4.0

Resolved in:

  • Puppet Agent 1.7.0
  • Puppet Enterprise 2016.4.0