CVE-2016-2785

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-2785
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2785.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-2785
Aliases
Published
2016-06-10T15:59:00Z
Modified
2024-09-03T01:13:41.559989Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.

References

Affected packages

Git / github.com/puppetlabs/puppet

Affected ranges

Type
GIT
Repo
https://github.com/puppetlabs/puppet
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
27ec86b005b6a48aed9a9dd3516d1108effe8eaf
Last affected
280674ff8e2cb4ee62ad24fec67f40e2e9110fa3
Last affected
37d1d457b38d29c39c689ddd484285c7821a7194
Last affected
41fb348a3ac0262e5f0d8179e1389a0bb0f5645e
Last affected
4dae4b348ab6942d07c178fd160726e2c7895eaa
Last affected
5b1be4b4a03cec245ec2165f70e1413045681c68
Last affected
62f7876dc7225f901aa934524fe5003e228fc746
Last affected
74f5c0041da64f5633b605b7d7b18afcfdc4eabd
Last affected
75c303d554628a988ac0b361582a9c974d4475e8
Last affected
a5324c3ee41eb03f3746995f3e3c4327ded7e7f1
Last affected
b88d6d8ed1a01c5f1d71883594d93e728e72380b
Last affected
d93f59152eeb30c292b5e134d39967e03e41ff61
Last affected
db118077413e6dfe1faf394cd9207e3d603dd190
Last affected
f223e717763aa79a28314425fa6917eb57ec3af8
Type
GIT
Repo
https://github.com/puppetlabs/puppet-agent
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1fc76b7039d540aa0ccb6af199a1ccf046649e70
Type
GIT
Repo
https://github.com/puppetlabs/puppetlabs-puppet_agent
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
009d60263a374c8e2a3887622c73f1c852d9ed17
Last affected
09e430cd0c3670d12789a21d67b021c83e849663
Last affected
44db66643a1d87a002c875fa908575448f7d2353
Last affected
459e3d2f29a785919bf89772ce3ffb6d66336a6e
Last affected
a4748e86ab7c6e7152e1b430cec3c841bdb768df
Last affected
bd9bc7768212e77dc061c7eeecaad4ce65717bb4
Last affected
dbe413e68adaa97fd2c07beca3be1f59094e7a5c
Last affected
e4d4e4775555f378fd0b2dfc05250e017ed5c351
Last affected
ea7bdeb61953484bf2668c36890276354a807991
Last affected
f750aed8974ce198f4b1ac4cd7448295012f9ff0
Last affected
f92f69abdfd02964560058bb2b46281da51c45b6
Type
GIT
Repo
https://github.com/puppetlabs/puppetserver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0b8199d9f35d5c17c241bad7d3f0c34d7b929270
Last affected
612d532124560881e63aa35a0f56b50a67f06e82
Last affected
613263d03fd417723600d5a9536f534836f43e18
Last affected
8453ac51f4477a9243ce44cc0d3e45e747ed3142
Last affected
9c3955cda911793bf68f0d6be61d2fa2154be04a
Last affected
a51c605d5cace4b62ab3cca929919a756f8e87b2
Last affected
aa72ccf8ae92f302b8c74a903eb86613087faae5

Affected versions

0.*

0.1.0
0.1.3
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.24.0
0.24.1
0.24.2
0.24.3
0.24.4
0.24.5
0.24.6
0.24.7
0.24.7rc1
0.24.8rc1
0.25.0
0.25.0beta1
0.25.0beta2
0.25.0rc1
0.25.1
0.25.1rc1
0.25.1rc2
0.25.2
0.25.2rc1
0.25.2rc2
0.25.2rc3
0.25.3
0.25.4
0.25.4rc1
0.25.4rc2
0.25.4rc3
0.25.5
0.25.5rc1
0.25.5rc2
0.25.5rc3
0.3.0
0.3.1
0.3.2
0.9.0
0.9.1

1.*

1.0.0
1.0.1
1.1.0
1.1.1
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.4.0
1.4.1
1.5.0
1.6.0
1.6.1
1.6.2
1.7.0

2.*

2.0.0
2.0.0-rc3
2.0.1
2.1.0
2.1.1
2.1.2
2.2.0
2.6.0
2.6.0rc1
2.6.0rc2
2.6.0rc3
2.6.0rc4
2.6.1
2.6.10
2.6.11
2.6.12
2.6.13
2.6.13rc1
2.6.14
2.6.15
2.6.16
2.6.1rc1
2.6.1rc2
2.6.1rc3
2.6.1rc4
2.6.2
2.6.2rc1
2.6.3
2.6.3rc1
2.6.3rc2
2.6.3rc3
2.6.4
2.6.5
2.6.5rc1
2.6.5rc2
2.6.5rc3
2.6.5rc4
2.6.5rc5
2.6.6
2.6.6rc1
2.6.7
2.6.7rc1
2.6.8
2.6.8rc1
2.6.9
2.6.9rc1
2.7.0
2.7.0rc1
2.7.0rc2
2.7.0rc3
2.7.0rc4
2.7.1
2.7.10
2.7.10rc1
2.7.11-1
2.7.12
2.7.12rc1
2.7.12rc2
2.7.13
2.7.14
2.7.14rc1
2.7.14rc2
2.7.14rc3
2.7.15rc1
2.7.15rc2
2.7.15rc3
2.7.15rc4
2.7.16
2.7.16rc1
2.7.17
2.7.18
2.7.19
2.7.19rc1
2.7.19rc2
2.7.19rc3
2.7.20
2.7.20-rc1
2.7.21
2.7.22
2.7.23
2.7.2rc1
2.7.2rc2
2.7.2rc3
2.7.3
2.7.3.rc1
2.7.3rc1
2.7.4
2.7.4rc1
2.7.4rc2
2.7.4rc3
2.7.5
2.7.6
2.7.6rc1
2.7.6rc2
2.7.6rc3
2.7.7
2.7.7rc1
2.7.8
2.7.8rc1
2.7.8rc2
2.7.9

3.*

3.0.0
3.0.0-rc4
3.0.0-rc5
3.0.0-rc6
3.0.0-rc7
3.0.0-rc8
3.0.0rc1
3.0.0rc2
3.0.0rc3
3.0.1
3.0.1-rc1
3.0.2
3.0.2-rc1
3.0.2-rc2
3.0.2-rc3
3.1.0
3.1.0-rc1
3.1.0-rc2
3.1.1
3.2.0
3.2.0-rc1
3.2.0-rc2
3.2.1
3.2.1-rc1
3.2.2
3.2.3
3.2.3-rc1
3.2.4
3.3.0
3.3.0-rc1
3.3.0-rc2
3.3.0-rc3
3.3.1
3.3.1-rc1
3.3.1-rc2
3.3.1-rc3
3.3.2
3.4.0
3.4.0-rc1
3.4.0-rc2
3.4.1
3.4.2
3.4.3
3.5.0
3.5.0-rc1
3.5.0-rc2
3.5.0-rc3
3.5.1
3.5.1-rc1
3.6.0
3.6.0-rc1
3.6.1
3.6.2
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4

4.*

4.0.0-rc1
4.0.0-rc2

debian/0.*

debian/0.25.1

jvm-puppet-0.*

jvm-puppet-0.1.2
jvm-puppet-0.1.3
jvm-puppet-0.1.4
jvm-puppet-0.1.5
jvm-puppet-0.1.6

puppet-0.*

puppet-0.24.5-rc3

puppet-server-0.*

puppet-server-0.1.10
puppet-server-0.1.11
puppet-server-0.1.12
puppet-server-0.1.13
puppet-server-0.1.14
puppet-server-0.1.15
puppet-server-0.1.16
puppet-server-0.1.7
puppet-server-0.1.8
puppet-server-0.1.9
puppet-server-0.2.0
puppet-server-0.2.1
puppet-server-0.2.2
puppet-server-0.3.0
puppet-server-0.4.0
puppet-server-0.4.1

puppet-server-1.*

puppet-server-1.0.0
puppet-server-1.0.1
puppet-server-1.0.2
puppet-server-1.0.3
puppet-server-1.0.8
puppet-server-1.1.0
puppet-server-1.1.1
puppet-server-1.1.2
puppet-server-1.1.3

puppet-server-2.*

puppet-server-2.0.0
puppet-server-2.1.0
puppet-server-2.1.1
puppet-server-2.1.2
puppet-server-2.1.3-alpha1
puppet-server-2.2.0
puppet-server-2.2.1
puppet-server-2.3.0
puppet-server-2.3.1

tags/2.*

tags/2.6.0rc1
tags/2.6.0rc2
tags/2.6.0rc3

upstream/0.*

upstream/0.25.0