Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-8470
The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an HTTP session.
Puppet Puppet Enterprise
4.3
CVSSv2
CVE-2017-2298
The mcollective-sshkey-security plugin prior to 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string &qu...
Puppet Mcollective-sshkey-security
4.3
CVSSv2
CVE-2016-5737
The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted review.
Openstack Puppet-gerrit -
4.3
CVSSv2
CVE-2012-0891
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 prior to 1.2.5 and Enterprise 1.0 prior to 1.2.5 and 2.x prior to 2.0.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified fields.
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise 1.0
Puppet Puppet Enterprise 1.1
Puppet Puppet Enterprise 1.2.0
Puppet Puppet Dashboard 1.0.3
Puppet Puppet Dashboard 1.2.3
Puppet Puppet Dashboard 1.1.0
Puppet Puppet Dashboard 1.1.1
Puppet Puppet Dashboard 1.2.0
Puppet Puppet Dashboard 1.2.1
Puppet Puppet Dashboard 1.0.0
Puppet Puppet Dashboard 1.0.4
Puppet Puppet Dashboard 1.2.2
Puppet Puppet Dashboard 1.2.4
4.3
CVSSv2
CVE-2012-3867
lib/puppet/ssl/certificate_authority.rb in Puppet prior to 2.6.17 and 2.7.x prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted re...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.14
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.6.15
Puppet Puppet 2.6.10
Puppet Puppet 2.6.4
Puppet Puppet 2.6.7
Puppet Puppet 2.6.5
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.6
Puppet Puppet 2.7.8
Puppet Puppet 2.7.16
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppet Puppet 2.6.8
Puppet Puppet 2.7.10
4
CVSSv2
CVE-2021-27025
A flaw exists in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
Puppet Puppet Agent
Puppet Puppet
Puppet Puppet Enterprise
Fedoraproject Fedora 35
4
CVSSv2
CVE-2021-27022
A flaw exists in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).
Puppet Puppet
Puppet Puppet Enterprise
4
CVSSv2
CVE-2021-27019
PuppetDB logging included potentially sensitive system information.
Puppet Puppet Enterprise
Puppet Puppetdb
4
CVSSv2
CVE-2020-7944
In Continuous Delivery for Puppet Enterprise (CD4PE) prior to 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.
Puppet Continuous Delivery
4
CVSSv2
CVE-2020-7942
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalo...
Puppet Puppet
Puppet Puppet Agent
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »