CVE-2016-5715 - Arbitrary URL Redirection in Puppet Enterprise Console
Posted October 20, 2016
Assessed Risk Level: Medium
CVSS 3 Base Score: 4.2
The Puppet Enterprise Console does not properly validate the string parameter used to set the URL target for the next page transition. This can be leveraged to create believable phishing attacks and potentially harvest the victim's console credentials. This was thought to be resolved with the fix for CVE-2015-6501, but the fix was incomplete. Puppet Enterprise 2016.4.0 includes a fix for this vulnerability.
Thanks to John Page aka hyp3rlinx for responsibly disclosing this issue to us. This issue was also independently reported by NCC Group.
Affected Software Versions:
- Puppet Enterprise 2015.x
- Puppet Enterprise 2016.x prior to 2016.4.0
- Puppet Enterprise 2016.4.0