CVE-2016-5713: Code Injection
First published: Wed Dec 06 2017(Updated: )
Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
Credit: security@puppet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Puppet Puppet Agent | >=1.3.0<1.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2016-5713?
CVE-2016-5713 is a vulnerability in Puppet Agent that allowed unauthorized code to be loaded.
What is the severity of CVE-2016-5713?
CVE-2016-5713 has a severity rating of 9.8 (Critical).
How does CVE-2016-5713 affect Puppet Agent?
CVE-2016-5713 affects versions of Puppet Agent prior to 1.6.0 and allows unauthorized code to be loaded.
How can I fix CVE-2016-5713?
To fix CVE-2016-5713, upgrade to Puppet Agent version 1.6.0 or newer.
Is CVE-2016-5713 associated with any CWE?
Yes, CVE-2016-5713 is associated with CWE-94 (Code Injection).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- vendor/puppet
- canonical/puppet puppet agent
- version/puppet puppet agent/1.3.0