CVE-2016-5713

Summary

Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.

Affected Software

VendorProductVersion RangeStatus
PuppetPuppet AgentIntroduced in 1.3.0, fixed in 1.6.0affected

Weaknesses

  • Privilege Escalation

ADP Enrichment

CVE Program Container

Additional References

References