vulnerability

Gentoo Linux: CVE-2016-2786: Puppet Server and Agent: Multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Jun 10, 2016	Oct 30, 2017	Mar 31, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Jun 10, 2016

Added

Oct 30, 2017

Modified

Mar 31, 2026

Description

The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate.

Solutions

gentoo-linux-upgrade-app-admin-puppet-agentgentoo-linux-upgrade-app-admin-puppetserver

References

CVE-2016-2786
https://attackerkb.com/topics/CVE-2016-2786
CWE-20
EUVD-EUVD-2016-3859
GENTOO-201606-02
https://euvd.enisa.europa.eu/vulnerability/EUVD-2016-3859

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report