Headline
CVE-2016-5715: CVE-2016-5715 - Arbitrary URL Redirection in Puppet Enterprise Console
Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6501.
- Posted October 20, 2016
- Assessed Risk Level: Medium
- CVSS 3 Base Score: 4.2
The Puppet Enterprise Console does not properly validate the string parameter used to set the URL target for the next page transition. This can be leveraged to create believable phishing attacks and potentially harvest the victim’s console credentials. This was thought to be resolved with the fix for CVE-2015-6501, but the fix was incomplete. Puppet Enterprise 2016.4.0 includes a fix for this vulnerability.
Thanks to John Page aka hyp3rlinx for responsibly disclosing this issue to us. This issue was also independently reported by NCC Group.
Status:
Affected Software Versions:
- Puppet Enterprise 2015.x
- Puppet Enterprise 2016.x prior to 2016.4.0
Resolved in:
- Puppet Enterprise 2016.4.0