CVE-2016-2786

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-2786

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2786.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-2786

Published

2016-06-10T15:59:01.343Z

Modified

2026-02-14T00:02:39.811796Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate.

References

Affected packages

Git / github.com/puppetlabs/puppetlabs-puppet_agent

Affected ranges

Type: GIT
Repo: https://github.com/puppetlabs/puppetlabs-puppet_agent
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c6ab0483ab258a1241a66cb9d9cd5419357cbc60

Affected versions

0.*

0.1.0

0.2.0

1.*

1.0.0

1.1.0

1.2.0

1.3.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2786.json"