MEDIUM
Puppet
CVE published 2017-01-12
CVE-2016-5715
CVE-2016-5715 is an open redirect vulnerability in the Puppet Enterprise Console. An attacker could craft a redirect parameter containing a //-prefixed domain and send a user to an arbitrary website, which can support phishing and credential theft attempts. NVD rates the issue as medium severity (CVSS 6.1) and notes it was caused by an incomplete fix for CVE-2015-6501.