Puppet Enterprise < 2016.2.1 Multiple Vulnerabilities
High Nessus Plugin ID 129753
Synopsis
A web application running on the remote host is affected by multiple vulnerabilities.
Description
According to its self-reported version number, the Puppet Enterprise application running on the remote host is a version prior to 2016.2.1. It is, therefore, affected by the following vulnerabilities:
- A remote code execution vulnerability exists in the mcollective puppet-agent plugin due to an insecure argument. An unauthenticated, remote attacker can exploit this to enable remote code execution. (CVE-2015-7331)
- A flaw exists in the Puppet Enterprise Console due to unsafe string processing that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2016-2788)
Solution
Upgrade to Puppet Enterprise version 2016.2.1 or later.