The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-06-10T15:00:00

Updated: 2024-08-05T23:32:20.981Z

Reserved: 2016-02-29T00:00:00

Link: CVE-2016-2786

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2016-06-10T15:59:01.343

Modified: 2022-01-24T16:46:02.893

Link: CVE-2016-2786

cve-icon Redhat

No data.