Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet continuous delivery vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2017-1000367
Todd Miller's sudo version 1.8.20 and previous versions is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
Sudo Project Sudo
1 EDB exploit
4 Github repositories
5.5
CVSSv2
CVE-2021-27024
A flaw exists in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0
Puppet Continuous Delivery
4
CVSSv2
CVE-2020-7944
In Continuous Delivery for Puppet Enterprise (CD4PE) prior to 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.
Puppet Continuous Delivery
4
CVSSv2
CVE-2019-10695
When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs...
Puppet Continuous Delivery
2.1
CVSSv2
CVE-2020-7945
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.
Puppet Continuous Delivery 4.0.0
NA
CVE-2024-3094
Malicious code exists in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific fun...
Tukaani Xz 5.6.1
Tukaani Xz 5.6.0
80 Github repositories
6 Articles
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started