Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet 2.6.1 vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2012-5158
Puppet Enterprise (PE) prior to 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
490
VMScore
CVE-2011-0528
Puppet 2.6.0 up to and including 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
Puppet Puppet 2.6.3
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
578
VMScore
CVE-2013-2274
Puppet 2.6.x prior to 2.6.18 and Puppet Enterprise 1.2.x prior to 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
Puppet Puppet 2.6.14
Puppet Puppet 2.6.12
Puppet Puppet 2.6.1
Puppet Puppet 2.6.8
Puppet Puppet 2.6.0
Puppet Puppet 2.6.15
Puppet Puppet 2.6.11
Puppet Puppet 2.6.10
Puppet Puppet 2.6.5
Puppetlabs Puppet 2.6.17
Puppet Puppet 2.6.16
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.13
Puppet Puppet 2.6.9
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet Enterprise 1.2.0
356
VMScore
CVE-2013-2275
The default configuration for puppet masters 0.25.0 and later in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspeci...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.15
Puppet Puppet 2.6.16
Puppet Puppet 2.6.14
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppetlabs Puppet
Puppet Puppet 2.6.12
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.8
Puppet Puppet 2.6.6
Puppet Puppet 2.6.13
Puppet Puppet 2.6.11
Puppet Puppet 2.6.7
Puppet Puppet 2.6.5
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.9
Puppet Puppet 2.7.4
356
VMScore
CVE-2012-3864
Puppet prior to 2.6.17 and 2.7.x prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.
Puppet Puppet 2.6.15
Puppetlabs Puppet
Puppet Puppet 2.6.11
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.6.0
Puppet Puppet 2.6.14
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.2
Puppet Puppet 2.7.10
Puppet Puppet 2.7.11
Puppet Puppet 2.7.8
Puppet Puppet 2.7.9
Puppet Puppet 2.7.17
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet 2.7.6
312
VMScore
CVE-2012-3865
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet prior to 2.6.17 and 2.7.x prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server...
Puppetlabs Puppet
Puppet Puppet 2.7.8
Puppet Puppet 2.7.6
Puppet Puppet 2.7.11
Puppet Puppet 2.7.10
Puppet Puppet 2.7.9
Puppet Puppet 2.7.2
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.13
Puppet Puppet 2.7.12
Puppet Puppet 2.7.3
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.16
Puppet Puppet 2.7.14
Puppet Puppet 2.7.5
Puppet Puppet 2.7.4
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.5
Puppet Puppet 2.6.13
Puppet Puppet 2.6.9
Puppet Puppet 2.6.8
383
VMScore
CVE-2012-3867
lib/puppet/ssl/certificate_authority.rb in Puppet prior to 2.6.17 and 2.7.x prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted re...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.14
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.6.15
Puppet Puppet 2.6.10
Puppet Puppet 2.6.4
Puppet Puppet 2.6.7
Puppet Puppet 2.6.5
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.6
Puppet Puppet 2.7.8
Puppet Puppet 2.7.16
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppet Puppet 2.6.8
Puppet Puppet 2.7.10
294
VMScore
CVE-2012-1906
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or i...
Puppet Puppet 2.6.12
Puppet Puppet 2.6.11
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.10
Puppet Puppet 2.6.9
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppet Puppet 2.6.13
Puppet Puppet 2.6.6
Puppet Puppet 2.6.5
Puppet Puppet 2.6.8
Puppet Puppet 2.6.7
Puppet Puppet 2.6.0
Puppet Puppet 2.6.14
Puppet Puppet 2.7.9
Puppet Puppet 2.7.8
Puppet Puppet 2.7.3
Puppet Puppet 2.7.11
Puppet Puppet 2.7.7
Puppet Puppet 2.7.6
Puppet Puppet 2.7.5
187
VMScore
CVE-2012-1986
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlin...
Puppet Puppet 2.6.13
Puppet Puppet 2.6.6
Puppet Puppet 2.6.5
Puppet Puppet 2.6.12
Puppet Puppet 2.6.11
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.8
Puppet Puppet 2.6.7
Puppet Puppet 2.6.0
Puppet Puppet 2.6.14
Puppet Puppet 2.6.10
Puppet Puppet 2.6.9
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.4
Puppet Puppet 2.7.9
Puppet Puppet 2.7.8
Puppet Puppet 2.7.3
Puppet Puppet 2.7.11
312
VMScore
CVE-2012-1987
Unspecified vulnerability in Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a...
Puppet Puppet 2.6.6
Puppet Puppet 2.6.5
Puppet Puppet 2.6.13
Puppet Puppet 2.6.12
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.9
Puppet Puppet 2.6.8
Puppet Puppet 2.6.7
Puppet Puppet 2.6.0
Puppet Puppet 2.6.14
Puppet Puppet 2.6.11
Puppet Puppet 2.6.10
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.9
Puppet Puppet 2.7.8
Puppet Puppet 2.7.4
Puppet Puppet 2.7.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »