### [CVE-2016-5715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5715)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6501.

### POC

#### Reference
- http://packetstormsecurity.com/files/139302/Puppet-Enterprise-Web-Interface-Open-Redirect.html

#### Github
No PoCs found on GitHub currently.