Remote Code Execution in Puppet Enterprise Console

CVSS 3 Base Score:
9.1

Posted On:
October 20, 2016

Assessed Risk Level:
Critical

The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node. This has been resolved in PE 2016.4.0. Reported by NCC Group

Status:

Affected software versions:

Puppet Enterprise 2015.x
Puppet Enterprise 2016.x prior to 2016.4.0

Resolved in:

Puppet Enterprise 2016.4.0

← Back to CVE Listings

A Brief Intro to Puppet for (Very) Busy People

Enforcing Better Zero Trust Security with Puppet Enterprise

A Brief Intro to Puppet for (Very) Busy People

Enforcing Better Zero Trust Security with Puppet Enterprise

Remote Code Execution in Puppet Enterprise Console

CVSS 3 Base Score:
9.1

Posted On:
October 20, 2016

Assessed Risk Level:
Critical

Status:

Get Started

Puppet

Premium Features

Remote Code Execution in Puppet Enterprise Console

CVSS 3 Base Score: 9.1

Posted On: October 20, 2016

Assessed Risk Level: Critical

Status:

CVSS 3 Base Score:
9.1

Posted On:
October 20, 2016

Assessed Risk Level:
Critical