Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet 2.6.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1398
The pe_mcollective module in Puppet Enterprise (PE) prior to 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the m...
Puppetlabs Puppet 2.5.0
Puppetlabs Puppet 2.6.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise
NA
CVE-2013-1399
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) prior to 2.7.1 allow remote malicious users to hijack the authentication of unspecif...
Puppetlabs Puppet 2.5.0
Puppetlabs Puppet 2.6.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise
NA
CVE-2011-0528
Puppet 2.6.0 up to and including 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
NA
CVE-2013-3567
Puppet 2.7.x prior to 2.7.22 and 3.2.x prior to 3.2.2, and Puppet Enterprise prior to 2.8.2, deserializes untrusted YAML, which allows remote malicious users to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 3.2.0
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet 2.7.20
Puppetlabs Puppet 2.7.19
Puppet Puppet 2.7.2
Puppet Puppet 2.7.10
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppet Puppet 2.7.16
Puppet Puppet 2.7.17
Puppet Puppet 2.7.18
Puppet Puppet 2.7.21
Puppet Puppet 3.2.1
Canonical Ubuntu Linux 13.04
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
Novell Suse Linux Enterprise Server 11.0
Novell Suse Linux Enterprise Desktop 11.0
Novell Suse Linux Enterprise Desktop 11
1 Article
NA
CVE-2013-2716
Puppet Labs Puppet Enterprise prior to 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote malicious users to obtain console access via a crafted cookie.
Puppetlabs Puppet 2.5.0
Puppetlabs Puppet 1.2.0
Puppetlabs Puppet 2.6.0
Puppetlabs Puppet 1.0.0
Puppetlabs Puppet 1.1.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise
NA
CVE-2013-2274
Puppet 2.6.x prior to 2.6.18 and Puppet Enterprise 1.2.x prior to 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
Puppetlabs Puppet 2.6.17
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppet Puppet 2.6.15
Puppet Puppet 2.6.16
Puppet Puppet Enterprise 1.2.0
NA
CVE-2013-2275
The default configuration for puppet masters 0.25.0 and later in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspeci...
Puppetlabs Puppet
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppet Puppet 2.6.15
Puppet Puppet 2.6.16
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet 2.7.20
Puppetlabs Puppet 2.7.19
NA
CVE-2012-3867
lib/puppet/ssl/certificate_authority.rb in Puppet prior to 2.6.17 and 2.7.x prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted re...
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppet Puppet 2.6.15
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
NA
CVE-2012-3864
Puppet prior to 2.6.17 and 2.7.x prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppet Puppet 2.6.15
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
NA
CVE-2012-3865
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet prior to 2.6.17 and 2.7.x prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server...
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
Puppet Puppet 2.7.8
Puppet Puppet 2.7.9
Puppet Puppet 2.7.10
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppet Puppet 2.7.16
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »