CVE-2016-2785

Source
https://cve.org/CVERecord?id=CVE-2016-2785
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2785.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-2785
Aliases
Published
2016-06-10T15:59:00.140Z
Modified
2026-03-13T11:32:05.786619Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.

References

Affected packages

Git / github.com/puppetlabs/puppet

Affected ranges

Type
GIT
Repo
https://github.com/puppetlabs/puppet
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.0-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/puppetlabs/puppet-agent
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.4.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/puppetlabs/puppetserver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.1"
        }
    ]
}

Affected versions

0.*
0.1.3
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.24.0
0.24.1
0.24.2
0.24.3
0.24.4
0.24.5
0.24.6
0.24.7
0.24.7rc1
0.24.8rc1
0.25.0
0.25.0beta1
0.25.0beta2
0.25.0rc1
0.25.1
0.25.1rc1
0.25.1rc2
0.25.2
0.25.2rc1
0.25.2rc2
0.25.2rc3
0.25.3
0.25.4
0.25.4rc1
0.25.4rc2
0.25.4rc3
0.25.5
0.25.5rc1
0.25.5rc2
0.25.5rc3
0.3.0
0.3.1
0.3.2
0.9.0
0.9.1
1.*
1.0.0
1.0.1
1.1.0
1.1.1
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.4.0
1.4.1
2.*
2.0.0-rc3
2.6.0
2.6.0rc1
2.6.0rc2
2.6.0rc3
2.6.0rc4
2.6.1
2.6.10
2.6.11
2.6.12
2.6.13
2.6.13rc1
2.6.14
2.6.15
2.6.16
2.6.1rc1
2.6.1rc2
2.6.1rc3
2.6.1rc4
2.6.2
2.6.2rc1
2.6.3
2.6.3rc1
2.6.3rc2
2.6.3rc3
2.6.4
2.6.5
2.6.5rc1
2.6.5rc2
2.6.5rc3
2.6.5rc4
2.6.5rc5
2.6.6
2.6.6rc1
2.6.7
2.6.7rc1
2.6.8
2.6.8rc1
2.6.9
2.6.9rc1
2.7.0
2.7.0rc1
2.7.0rc2
2.7.0rc3
2.7.0rc4
2.7.1
2.7.10
2.7.10rc1
2.7.11-1
2.7.12
2.7.12rc1
2.7.12rc2
2.7.13
2.7.14
2.7.14rc1
2.7.14rc2
2.7.14rc3
2.7.15rc1
2.7.15rc2
2.7.15rc3
2.7.15rc4
2.7.16
2.7.16rc1
2.7.17
2.7.18
2.7.19
2.7.19rc1
2.7.19rc2
2.7.19rc3
2.7.20
2.7.20-rc1
2.7.21
2.7.22
2.7.23
2.7.2rc1
2.7.2rc2
2.7.2rc3
2.7.3
2.7.3.rc1
2.7.3rc1
2.7.4
2.7.4rc1
2.7.4rc2
2.7.4rc3
2.7.5
2.7.6
2.7.6rc1
2.7.6rc2
2.7.6rc3
2.7.7
2.7.7rc1
2.7.8
2.7.8rc1
2.7.8rc2
2.7.9
3.*
3.0.0
3.0.0-rc4
3.0.0-rc5
3.0.0-rc6
3.0.0-rc7
3.0.0-rc8
3.0.0rc1
3.0.0rc2
3.0.0rc3
3.0.1
3.0.1-rc1
3.0.2
3.0.2-rc1
3.0.2-rc2
3.0.2-rc3
3.1.0
3.1.0-rc1
3.1.0-rc2
3.1.1
3.2.0
3.2.0-rc1
3.2.0-rc2
3.2.1
3.2.1-rc1
3.2.2
3.2.3
3.2.3-rc1
3.2.4
3.3.0
3.3.0-rc1
3.3.0-rc2
3.3.0-rc3
3.3.1
3.3.1-rc1
3.3.1-rc2
3.3.1-rc3
3.3.2
3.4.0
3.4.0-rc1
3.4.0-rc2
3.4.1
3.4.2
3.4.3
3.5.0
3.5.0-rc1
3.5.0-rc2
3.5.0-rc3
3.5.1
3.5.1-rc1
3.6.0
3.6.0-rc1
3.6.1
3.6.2
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
4.*
4.0.0
4.0.0-rc1
4.0.0-rc2
4.0.0-rc3
debian/0.*
debian/0.25.1
jvm-puppet-0.*
jvm-puppet-0.1.2
jvm-puppet-0.1.3
jvm-puppet-0.1.4
jvm-puppet-0.1.5
jvm-puppet-0.1.6
puppet-0.*
puppet-0.24.5-rc3
puppet-server-0.*
puppet-server-0.1.10
puppet-server-0.1.11
puppet-server-0.1.12
puppet-server-0.1.13
puppet-server-0.1.14
puppet-server-0.1.15
puppet-server-0.1.16
puppet-server-0.1.7
puppet-server-0.1.8
puppet-server-0.1.9
puppet-server-0.2.0
puppet-server-0.2.1
puppet-server-0.2.2
puppet-server-0.3.0
puppet-server-0.4.0
puppet-server-0.4.1
puppet-server-1.*
puppet-server-1.0.0
puppet-server-1.0.1
puppet-server-1.0.2
puppet-server-1.0.3
puppet-server-2.*
puppet-server-2.0.0
tags/2.*
tags/2.6.0rc1
tags/2.6.0rc2
tags/2.6.0rc3
upstream/0.*
upstream/0.25.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2785.json"