VYPR
High severity7.2OSV Advisory· Published Oct 18, 2017· Updated Jun 17, 2026

CVE-2016-5714

CVE-2016-5714

Description

Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • 0.1.0, 0.2.0, 1.0.0, …+ 2 more
    • (no CPE)range: 0.1.0, 0.2.0, 1.0.0, …
    • cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*range: >=1.3.6,<=1.7.0
    • (no CPE)range: 1.3.6 through 1.7.0
  • cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2016.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2016.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2016.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2016.2.1:*:*:*:*:*:*:*
    • (no CPE)range: 2015.3.3, 2016.x before 2016.4.0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.