Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Puppet Enterprise和Puppet Agent 安全漏洞
Vulnerability Description
Puppet Enterprise和Puppet Agent都是美国Puppet实验室的产品。Puppet是一套基于客户端/服务器(C/S)架构的配置管理工具,Puppet Enterprise是一个企业版;Puppet Agent是一套客户端工具。 Puppet Enterprise 2015.3.3版本、2016.4.0之前的2016.x版本和Puppet Agent 1.3.6版本至1.7.0版本中存在安全漏洞。远程攻击者可利用该漏洞绕过主机白名单保护机制,在Puppet节点上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A