CVE-2016-2785

Source
https://cve.org/CVERecord?id=CVE-2016-2785
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2785.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-2785
Aliases
Published
2016-06-10T15:59:00.140Z
Modified
2026-07-08T05:47:45.873314309Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:puppet:puppet:4.0.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "4.0.0"
                },
                {
                    "last_affected": "4.0.0"
                }
            ],
            "vendor_product": "puppet:puppet",
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git
github.com/puppetlabs/puppet

Affected ranges

Type
GIT
Repo
https://github.com/puppetlabs/puppet
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:puppet:puppet:4.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet:4.0.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet:4.0.0:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet:4.0.0:rc3:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet:4.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet:4.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet:4.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet:4.2.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet:4.2.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet:4.3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet:4.3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet:4.3.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet:4.4.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet:4.4.1:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "4.0.0"
        },
        {
            "last_affected": "4.0.0"
        },
        {
            "introduced": "4.0.0-rc1"
        },
        {
            "last_affected": "4.0.0-rc1"
        },
        {
            "introduced": "4.0.0-rc2"
        },
        {
            "last_affected": "4.0.0-rc2"
        },
        {
            "introduced": "4.0.0-rc3"
        },
        {
            "last_affected": "4.0.0-rc3"
        },
        {
            "introduced": "4.1.0"
        },
        {
            "last_affected": "4.1.0"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "last_affected": "4.2.0"
        },
        {
            "introduced": "4.2.1"
        },
        {
            "last_affected": "4.2.1"
        },
        {
            "introduced": "4.2.2"
        },
        {
            "last_affected": "4.2.2"
        },
        {
            "introduced": "4.2.3"
        },
        {
            "last_affected": "4.2.3"
        },
        {
            "introduced": "4.3.0"
        },
        {
            "last_affected": "4.3.0"
        },
        {
            "introduced": "4.3.1"
        },
        {
            "last_affected": "4.3.1"
        },
        {
            "introduced": "4.3.2"
        },
        {
            "last_affected": "4.3.2"
        },
        {
            "introduced": "4.4.0"
        },
        {
            "last_affected": "4.4.0"
        },
        {
            "introduced": "4.4.1"
        },
        {
            "last_affected": "4.4.1"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

4.*
4.0.0
4.0.0-rc1
4.0.0-rc2
4.0.0-rc3
4.1.0
4.2.0
4.2.1
4.2.2
4.2.3
4.3.0
4.3.1
4.3.2
4.4.0
4.4.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2785.json"
github.com/puppetlabs/puppet-agent

Affected ranges

Type
GIT
Repo
https://github.com/puppetlabs/puppet-agent
Events
Database specific
{
    "cpe": "cpe:2.3:a:puppet:puppet_agent:1.4.1:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.4.1"
        },
        {
            "last_affected": "1.4.1"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

1.*
1.4.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2785.json"
github.com/puppetlabs/puppetlabs-puppet_agent

Affected ranges

Type
GIT
Repo
https://github.com/puppetlabs/puppetlabs-puppet_agent
Events
Database specific
{
    "cpe": "cpe:2.3:a:puppet:puppet_agent:1.4.1:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.4.1"
        },
        {
            "last_affected": "1.4.1"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

1.*
1.4.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2785.json"
github.com/puppetlabs/puppetserver

Affected ranges

Type
GIT
Repo
https://github.com/puppetlabs/puppetserver
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:puppet:puppet_server:2.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet_server:2.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet_server:2.1.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet_server:2.1.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet_server:2.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet_server:2.3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:puppet:puppet_server:2.3.1:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "2.0.0"
        },
        {
            "last_affected": "2.0.0"
        },
        {
            "introduced": "2.1.0"
        },
        {
            "last_affected": "2.1.0"
        },
        {
            "introduced": "2.1.1"
        },
        {
            "last_affected": "2.1.1"
        },
        {
            "introduced": "2.1.2"
        },
        {
            "last_affected": "2.1.2"
        },
        {
            "introduced": "2.2.0"
        },
        {
            "last_affected": "2.2.0"
        },
        {
            "introduced": "2.3.0"
        },
        {
            "last_affected": "2.3.0"
        },
        {
            "introduced": "2.3.1"
        },
        {
            "last_affected": "2.3.1"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

2.*
2.0.0
2.1.0
2.1.1
2.1.2
2.2.0
2.3.0
2.3.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2785.json"