Puppet Communications Protocol (PCP) Broker String Validation Vulnerability
Posted October 20, 2016
Assessed Risk Level: CriticalNote: Considered alone this vulnerability is Low Risk, but in combination with the PXP Agent vulnerability this becomes Critical.
CVSS 3 Base Score: 3.8
Prior to Puppet Enterprise 2016.4.0 the PCP broker failed to properly validate message types, which could allow a compromised Puppet Agent hosts to trigger Puppet runs on other agents.
Reported by NCC Group.
Affected Software Versions:
- Puppet Enterprise 2015.3.x
- Puppet Enterprise 2016.x prior to 2016.4.0
- Puppet Enterprise 2016.4.0