Certificate Validation Vulnerability in Puppet Enterprise 2015.3.x
CVE-2016-2787 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:N/A:P
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.
Learn more about our Web Application Penetration Testing UK.