puppet puppet enterprise 2.5.1 vulnerabilities and exploits
4
CVSSv2
CVE-2012-5158
Puppet Enterprise (PE) prior to 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
6.8
CVSSv2
CVE-2013-1399
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) prior to 2.7.1 allow remote malicious users to hijack the authentication of unspecif...
Puppetlabs Puppet 2.6.0
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise
6.8
CVSSv2
CVE-2013-4963
Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) prior to 3.0.1 allow remote malicious users to hijack the authentication of users for requests that delete a (1) report, (2) group, or (3) class or possibly have other unspecified impact.
Puppet Puppet Enterprise 1.0
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise
Puppet Puppet Enterprise 1.2.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise 2.0.1
Puppet Puppet Enterprise 2.0.2
Puppet Puppet Enterprise 1.1
Puppet Puppet Enterprise 2.0.3
Puppet Puppet Enterprise 2.5.2
8.5
CVSSv2
CVE-2013-1398
The pe_mcollective module in Puppet Enterprise (PE) prior to 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the m...
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.5.2
Puppetlabs Puppet 2.6.0
6.8
CVSSv2
CVE-2013-4957
The dashboard report in Puppet Enterprise prior to 3.0.1 allows malicious users to execute arbitrary YAML code via a crafted report-specific type.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.1
2.1
CVSSv2
CVE-2013-4959
Puppet Enterprise prior to 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.1
5.8
CVSSv2
CVE-2013-4955
Open redirect vulnerability in the login page in Puppet Enterprise prior to 3.0.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.5.2
5
CVSSv2
CVE-2013-4967
Puppet Enterprise prior to 3.0.1 allows remote malicious users to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.5.1
5.8
CVSSv2
CVE-2013-4762
Puppet Enterprise prior to 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote malicious users to hijack sessions by obtaining an old session ID.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.1
6.9
CVSSv2
CVE-2013-4958
Puppet Enterprise prior to 3.0.1 does not use a session timeout, which makes it easier for malicious users to gain privileges by leveraging an unattended workstation.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2