High severity 7.2 · OSV Advisory · Published Oct 18, 2017 · Updated Jun 17, 2026
CVE-2016-5714
Description
Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability."
Affected products (9)
0.1.0, 0.2.0, 1.0.0, … + 2 more
- (no CPE) range: 0.1.0, 0.2.0, 1.0.0, …
- cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:* range: >=1.3.6,<=1.7.0
- (no CPE) range: 1.3.6 through 1.7.0
cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:* + 5 more
- cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2016.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2016.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2016.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2016.2.1:*:*:*:*:*:*:*
- (no CPE) range: 2015.3.3, 2016.x before 2016.4.0
References (4)
- bugs.gentoo.org/597684 (nvd; Issue Tracking, Third Party Advisory)
- puppet.com/security/cve/cve-2016-5714 (nvd; Vendor Advisory)
- puppet.com/security/cve/pxp-agent-oct-2016 (nvd; Issue Tracking, Vendor Advisory)
- security.gentoo.org/glsa/201710-12 (nvd; Third Party Advisory)