Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppetlabs puppet vulnerabilities and exploits
(subscribe to this query)
8.5
CVSSv2
CVE-2013-1398
The pe_mcollective module in Puppet Enterprise (PE) prior to 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the m...
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.5.2
Puppetlabs Puppet 2.6.0
7.5
CVSSv2
CVE-2015-7224
puppetlabs-mysql 3.1.0 up to and including 3.6.0 allow remote malicious users to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.
Puppet Puppetlabs-mysql
7.5
CVSSv2
CVE-2013-3567
Puppet 2.7.x prior to 2.7.22 and 3.2.x prior to 3.2.2, and Puppet Enterprise prior to 2.8.2, deserializes untrusted YAML, which allows remote malicious users to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.10
Puppet Puppet 2.7.18
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 3.2.0
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.21
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.2
Puppet Puppet 3.2.1
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.16
Puppet Puppet 2.7.17
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 13.04
Novell Suse Linux Enterprise Server 11.0
Novell Suse Linux Enterprise Desktop 11.0
Novell Suse Linux Enterprise Desktop 11
1 Article
7.5
CVSSv2
CVE-2013-1655
Puppet 2.7.x prior to 2.7.21 and 3.1.x prior to 3.1.1, when running Ruby 1.9.3 or later, allows remote malicious users to execute arbitrary code via vectors related to "serialized attributes."
Puppetlabs Puppet 2.7.20
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.16
Puppet Puppet 2.7.3
Puppet Puppet 2.7.11
Puppet Puppet 2.7.2
Puppet Puppet 2.7.13
Puppet Puppet 2.7.8
Puppet Puppet 2.7.10
Puppet Puppet Enterprise 3.1.0
Puppet Puppet 2.7.18
Puppet Puppet 2.7.17
Puppet Puppet 2.7.9
Puppet Puppet 2.7.4
Puppetlabs Puppet 2.7.19
Puppet Puppet 2.7.6
Puppet Puppet 2.7.7
Puppet Puppet 2.7.5
Puppet Puppet 2.7.14
Puppet Puppet 2.7.12
7.1
CVSSv2
CVE-2013-1653
Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authentica...
Puppet Puppet
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.7
Puppet Puppet 2.7.9
Puppet Puppet 2.7.17
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.6
Puppet Puppet 2.7.8
Puppet Puppet 2.7.10
Puppet Puppet 2.7.16
Puppet Puppet 2.7.18
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppetlabs Puppet 2.7.20
Puppet Puppet Enterprise 3.1.0
6.9
CVSSv2
CVE-2012-1053
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x prior to 2.6.14 and 2.7.x prior to 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x prior to 2.0.3 does not properly manage group privileges, which allows local users to gain...
Puppet Puppet 2.6.13
Puppet Puppet 2.6.5
Puppet Puppet 2.6.4
Puppet Puppet 2.6.10
Puppet Puppet 2.6.9
Puppet Puppet 2.6.8
Puppet Puppet 2.6.1
Puppet Puppet 2.6.0
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet 2.6.12
Puppet Puppet 2.6.11
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.7.9
Puppet Puppet 2.7.8
Puppet Puppet 2.7.4
Puppet Puppet 2.7.3
Puppet Puppet 2.7.5
Puppet Puppet 2.7.2
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.1
6.8
CVSSv2
CVE-2022-0675
In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state.
Puppet Firewall
6.8
CVSSv2
CVE-2013-1399
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) prior to 2.7.1 allow remote malicious users to hijack the authentication of unspecif...
Puppetlabs Puppet 2.6.0
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise
6.5
CVSSv2
CVE-2015-1029
The puppetlabs-stdlib module 2.1 up to and including 3.0 and 4.1.0 up to and including 4.5.x prior to 4.5.1 for Puppet 2.8.8 and previous versions allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.
Puppet Stdlib 4.5.0
Puppet Stdlib 2.3.3
Puppet Stdlib 2.3.2
Puppet Stdlib 2.3.1
Puppet Stdlib 2.3.0
Puppet Stdlib 2.2.1
Puppet Stdlib 4.2.2
Puppet Stdlib 4.2.1
Puppet Stdlib 4.2.0
Puppet Stdlib 4.1.0
Puppet Stdlib 4.3.2
Puppet Stdlib 4.3.0
Puppet Stdlib 3.0.0
Puppet Stdlib 2.4.0
Puppet Stdlib 2.2.0
Puppet Stdlib 2.1.1
Puppet Stdlib 4.4.0
Puppet Stdlib 4.3.1
Puppet Stdlib 2.5.0
Puppet Stdlib 2.1.3
Puppet Stdlib 2.1.2
Puppet Stdlib 2.1.0
1 Github repository
6.5
CVSSv2
CVE-2013-2274
Puppet 2.6.x prior to 2.6.18 and Puppet Enterprise 1.2.x prior to 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
Puppet Puppet 2.6.14
Puppet Puppet 2.6.12
Puppet Puppet 2.6.1
Puppet Puppet 2.6.8
Puppet Puppet 2.6.0
Puppet Puppet 2.6.15
Puppet Puppet 2.6.11
Puppet Puppet 2.6.10
Puppet Puppet 2.6.5
Puppetlabs Puppet 2.6.17
Puppet Puppet 2.6.16
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.13
Puppet Puppet 2.6.9
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet Enterprise 1.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »