Puppet Enterprise 2015.x / 2016.x < 2016.4.0 Multiple Vulnerabilities

medium Nessus Plugin ID 95392

Synopsis

A web application running on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Puppet Enterprise application running on the remote host is version 2015.x or 2016.x prior to 2016.4.0. It is, therefore, affected by the following vulnerabilities:

- A cross-site redirection vulnerability exists within the /auth/login script due to improper validation of user-supplied input to the 'redirect' parameter in a GET request. By convincing a user to follow a specially crafted link, an unauthenticated, remote attacker can redirect the user to a website of the attacker's own choosing, which can then be used to conduct further attacks. Note that this vulnerability was thought to have been resolved by the fix for CVE-2015-6501, but the fix was incomplete. Puppet Enterprise 2016.4.0 includes a fix for this vulnerability. (CVE-2016-5715)

- A flaw exists in the Puppet Enterprise Console due to unsafe string processing that allows an authenticated, remote attacker to execute arbitrary code.

Solution

Upgrade to Puppet Enterprise version 2016.4.0 or later.

See Also

https://puppet.com/docs/puppet/6.0/release_notes.html

https://puppet.com/security/cve/cve-2016-5715

https://puppet.com/security/cve/pe-console-oct-2016

Plugin Details

Severity: Medium

ID: 95392

File Name: puppet_enterprise_421_470.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 11/29/2016

Updated: 11/14/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2016-5715

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:puppetlabs:puppet

Required KB Items: puppet/rest_port, installed_sw/puppet_enterprise_console

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 9/22/2016

Vulnerability Publication Date: 10/14/2016

Reference Information

CVE: CVE-2016-5715

BID: 93846