CVE-2016-2786
- Source
- https://cve.org/CVERecord?id=CVE-2016-2786
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2786.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-2786
- Published
- 2016-06-10T15:59:01.343Z
- Modified
- 2026-04-10T03:49:15.272858Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate.
- References
Affected packages
Git / github.com/puppetlabs/puppet-agent
Affected ranges
- Type
- GIT
- Repo
- https://github.com/puppetlabs/puppet-agent
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "1.3.4" }, { "introduced": "0" }, { "last_affected": "1.3.5" } ] }
- Type
- GIT
- Repo
- https://github.com/puppetlabs/puppetlabs-puppet_agent
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "1.3.0" }, { "introduced": "0" }, { "last_affected": "1.3.1" }, { "introduced": "0" }, { "last_affected": "1.3.2" } ] }