Puppet Enterprise 2015.3.3 and 2016.x prior to 2016.4.0, and Puppet Agent 1.3.6 up to and including 1.7.0 allow remote malicious users to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
puppet puppet enterprise 2015.3.3 |
||
puppet puppet enterprise 2016.1.1 |
||
puppet puppet enterprise 2016.1.2 |
||
puppet puppet enterprise 2016.2.0 |
||
puppet puppet enterprise 2016.2.1 |
||
puppet puppet agent |