High severity8.8NVD Advisory· Published Aug 9, 2017· Updated Jun 17, 2026
CVE-2016-5716
CVE-2016-5716
Description
The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.
Affected products
14cpe:2.3:a:puppet:puppet_enterprise:2015.2.0:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:puppet:puppet_enterprise:2015.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2015.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2015.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2015.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2015.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2015.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2015.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2016.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2016.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2016.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2016.2.1:*:*:*:*:*:*:*
- (no CPE)range: <2016.4.0
- (no CPE)range: PE < 2016.4.0
Patches
Vulnerability mechanics
References
1- puppet.com/security/cve/pe-console-oct-2016nvdVendor Advisory
News mentions
0No linked articles in our index yet.