puppetlabs puppet vulnerabilities and exploits
NA
CVE-2024-3094
Malicious code exists in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific fun...
Tukaani Xz 5.6.1
Tukaani Xz 5.6.0
80 Github repositories
6 Articles
NA
CVE-2022-3275
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.
Puppet Puppetlabs-mysql
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2022-3276
Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterpri...
Puppet Puppetlabs-mysql
605
VMScore
CVE-2022-0675
In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state.
Puppet Firewall
312
VMScore
CVE-2021-3469
Foreman versions prior to 2.3.4 and prior to 2.4.0 are affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if the product enables the Puppet Certificate authority (CA) to sign certificate requests that have subject alternativ...
Theforeman Foreman
356
VMScore
CVE-2019-10695
When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs...
Puppet Continuous Delivery
668
VMScore
CVE-2015-7224
puppetlabs-mysql 3.1.0 up to and including 3.6.0 allow remote malicious users to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.
Puppet Puppetlabs-mysql
445
VMScore
CVE-2017-2299
Versions of the puppetlabs-apache module before 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust ce...
Puppet Puppetlabs-apache 1.4.1
Puppet Puppetlabs-apache 1.4.0
Puppet Puppetlabs-apache 1.3.0
Puppet Puppetlabs-apache 1.2.0
Puppet Puppetlabs-apache 0.0.4
Puppet Puppetlabs-apache 1.7.0
Puppet Puppetlabs-apache 1.5.0
Puppet Puppetlabs-apache 1.1.1
Puppet Puppetlabs-apache 1.0.1
Puppet Puppetlabs-apache 0.7.0
Puppet Puppetlabs-apache 0.4.0
Puppet Puppetlabs-apache 2.0.0
Puppet Puppetlabs-apache 1.11.0
Puppet Puppetlabs-apache 1.10.0
Puppet Puppetlabs-apache 1.8.1
Puppet Puppetlabs-apache 1.8.0
Puppet Puppetlabs-apache 0.11.0
Puppet Puppetlabs-apache 0.10.0
Puppet Puppetlabs-apache 0.9.0
Puppet Puppetlabs-apache 0.8.1
Puppet Puppetlabs-apache 1.7.1
Puppet Puppetlabs-apache 1.6.0
696
VMScore
CVE-2017-1000367
Todd Miller's sudo version 1.8.20 and previous versions are vulnerable to an input validation flaw (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
Sudo Project Sudo
1 EDB exploit
4 Github repositories
445
VMScore
CVE-2016-2787
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x prior to 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.
Puppetlabs Puppet Enterprise 2015.3
Puppet Puppet Enterprise 2015.3.2