Puppet Enterprise 2015.x / 2016.x < 2016.4.0 Multiple Vulnerabilities
Medium Nessus Plugin ID 129764
Synopsis
A web application running on the remote host is affected by multiple vulnerabilities.
Description
According to its self-reported version number, the Puppet Enterprise application running on the remote host is version 2015.x or 2016.x prior to 2016.4.0. It is, therefore, affected by the following vulnerabilities:
- A cross-site redirection vulnerability exists within the /auth/login script due to improper validation of user-supplied input to the 'redirect' parameter in a GET request. An unauthenticated, remote attacker can exploit this issue, by convincing a user to follow a specially crafted link, to redirect the user to a website of the attacker's own choosing, which can then be used to conduct further attacks. Note that this vulnerability was thought to have been resolved by the fix for CVE-2015-6501, but the fix was incomplete. Puppet Enterprise 2016.4.0 includes a fix for this vulnerability. (CVE-2016-5715)
- A flaw exists in the Puppet Enterprise Console due to unsafe string processing that allows an authenticated, remote attacker to execute arbitrary code.
Solution
Upgrade to Puppet Enterprise version 2016.4.0 or later.
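On a host that ran an affected version, access logs can be reviewed for GET requests to /auth/login whose 'redirect' parameter points somewhere other than a local path. The following is an added example, not part of the Nessus plugin or of Puppet's code; the combined access-log format, the constructed sample lines and the definition of a "local" target are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line (log format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def is_local_path(value):
    """True only for a plain same-site path such as /nodes (assumed definition)."""
    if not value.startswith("/"):
        return False  # absolute URL or anything else that is not a rooted path
    if value.startswith("//") or "\\" in value:
        return False  # browsers may resolve these to another host
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return False  # control characters have no place in a redirect target
    parts = urlsplit(value)
    return not parts.scheme and not parts.netloc

def suspicious_login_redirects(lines):
    """Return (line_number, decoded redirect value) for each GET /auth/login
    request whose 'redirect' parameter is not a local path."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m or m.group("method") != "GET":
            continue
        url = urlsplit(m.group("target"))
        if url.path != "/auth/login":
            continue
        # parse_qs percent-decodes the value, so encoded targets are caught too.
        for value in parse_qs(url.query, keep_blank_values=True).get("redirect", []):
            if not is_local_path(value):
                hits.append((n, value))
    return hits

# Constructed sample lines (documentation addresses and domains, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2016:10:00:01 +0000] "GET /auth/login?redirect=%2Fnodes HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Nov/2016:10:00:02 +0000] "GET /auth/login?redirect=https%3A%2F%2Fexample.net%2Flogin HTTP/1.1" 302 0',
    '192.0.2.12 - - [01/Nov/2016:10:00:03 +0000] "GET /other?redirect=https%3A%2F%2Fexample.net%2F HTTP/1.1" 200 90',
    '192.0.2.13 - - [01/Nov/2016:10:00:04 +0000] "POST /auth/login?redirect=https%3A%2F%2Fexample.net%2F HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for line_no, target in suspicious_login_redirects(SAMPLE_LOG):
        print(f"line {line_no}: redirect -> {target}")
```

Only the second sample line is reported: it is a GET to /auth/login with an off-site target, while the others use a local path, a different script or a different method.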