vulnerability

Gentoo Linux: CVE-2016-5714: Puppet Agent: Multiple vulnerabilities

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Oct 18, 2017

Added

Oct 30, 2017

Modified

Mar 31, 2026

Description

Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability."

Solution

gentoo-linux-upgrade-app-admin-puppet-agent

References

CVE-2016-5714
https://attackerkb.com/topics/CVE-2016-5714
CWE-284
EUVD-EUVD-2016-6653
GENTOO-201710-12
https://euvd.enisa.europa.eu/vulnerability/EUVD-2016-6653

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report