Certificate Validation Vulnerability in Puppet Enterprise 2015.3.x

Certificate Validation Vulnerability in Puppet Enterprise 2015.3.x

CVE-2016-2787 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.