Vulnerabilities

CVE-2016-2785

by Fred · 10/06/2016

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.

Date published : 2016-06-10

https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2

https://puppet.com/security/cve/cve-2016-2785

Similar

Tags: Cybersecurity Alert