Detections
Analytics

Puppet Enterprise < 2016.4.0 Multiple Vulnerabilities

high Nessus Plugin ID 129754

Language:

Synopsis

A web application running on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Puppet Enterprise application running on the remote host is version prior to 2016.2.1. It is, therefore, affected by the following vulnerabilities :

 - An information disclosure vulnerability exists in the environment catalog component. An unauthenticated remote attacker can exploit this issue to retrieve access to the enviroment catalogs which may reveal sensitive information about infrastructure of application orchestration users.(CVE-2016-5714)

 - An url redirection vulnerability exists in the next page transition. An unauthenticated remote attacker can exploit this issue to create believable phishing attacks.(CVE-2016-5715)

Solution

Upgrade to Puppet Enterprise version 2016.4.0 or later.

See Also

https://puppet.com/security/cve/CVE-2016-5714

https://puppet.com/security/cve/CVE-2016-5715

Plugin Details

Severity: High

ID: 129754

File Name: puppet_enterprise_2016_4_0.nasl

Version: 1.3

Type: remote

Family: CGI abuses

Published: 10/9/2019

Updated: 11/14/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2016-5714

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:puppetlabs:puppet

Required KB Items: puppet/rest_port, installed_sw/puppet_enterprise_console

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/20/2016

Vulnerability Publication Date: 10/20/2016

Reference Information

CVE: CVE-2016-5714, CVE-2016-5715

BID: 93846