View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-2785 severity low: SUSE including 2 source package names (puppet, puppet-server), 10 product×package rows across 8 product lines (SUSE Linux Enterprise Desktop 11 SP4, SUSE Linux Enterprise Desktop 12, … (8 product lines)): Known Not Affected 10.
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.