Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet enterprise 2.5.2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1399
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) prior to 2.7.1 allow remote malicious users to hijack the authentication of unspecif...
Puppetlabs Puppet 2.6.0
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise
NA
CVE-2013-1398
The pe_mcollective module in Puppet Enterprise (PE) prior to 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the m...
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.5.2
Puppetlabs Puppet 2.6.0
NA
CVE-2013-4963
Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) prior to 3.0.1 allow remote malicious users to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact.
Puppet Puppet Enterprise 1.0
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise
Puppet Puppet Enterprise 1.2.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise 2.0.1
Puppet Puppet Enterprise 2.0.2
Puppet Puppet Enterprise 1.1
Puppet Puppet Enterprise 2.0.3
Puppet Puppet Enterprise 2.5.2
NA
CVE-2013-2716
Puppet Labs Puppet Enterprise prior to 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote malicious users to obtain console access via a crafted cookie.
Puppet Puppet Enterprise 2.5.2
Puppetlabs Puppet 2.6.0
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
Puppet Puppet Enterprise
Puppetlabs Puppet 1.1.0
Puppetlabs Puppet 1.0.0
Puppet Puppet Enterprise 2.0.0
Puppetlabs Puppet 1.2.0
NA
CVE-2013-3567
Puppet 2.7.x prior to 2.7.22 and 3.2.x prior to 3.2.2, and Puppet Enterprise prior to 2.8.2, deserializes untrusted YAML, which allows remote malicious users to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.10
Puppet Puppet 2.7.18
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 3.2.0
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.21
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.2
Puppet Puppet 3.2.1
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.16
Puppet Puppet 2.7.17
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 13.04
Novell Suse Linux Enterprise Server 11.0
Novell Suse Linux Enterprise Desktop 11.0
Novell Suse Linux Enterprise Desktop 11
1 Article
NA
CVE-2012-3408
lib/puppet/network/authstore.rb in Puppet prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote malicious users to spoof an agent by acquiring a previously used IP address.
Puppetlabs Puppet
Puppet Puppet Enterprise
NA
CVE-2012-3867
lib/puppet/ssl/certificate_authority.rb in Puppet prior to 2.6.17 and 2.7.x prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted re...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.14
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.6.15
Puppet Puppet 2.6.10
Puppet Puppet 2.6.4
Puppet Puppet 2.6.7
Puppet Puppet 2.6.5
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.6
Puppet Puppet 2.7.8
Puppet Puppet 2.7.16
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppet Puppet 2.6.8
Puppet Puppet 2.7.10
NA
CVE-2012-3866
lib/puppet/defaults.rb in Puppet 2.7.x prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.
Puppet Puppet 2.7.12
Puppet Puppet 2.7.11
Puppet Puppet 2.7.3
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.14
Puppet Puppet 2.7.13
Puppet Puppet 2.7.5
Puppet Puppet 2.7.4
Puppetlabs Puppet
Puppet Puppet 2.7.16
Puppet Puppet 2.7.8
Puppet Puppet 2.7.6
Puppet Puppet 2.7.10
Puppet Puppet 2.7.9
Puppet Puppet 2.7.2
Puppetlabs Puppet 2.7.0
Puppet Puppet Enterprise
NA
CVE-2014-3248
Untrusted search path vulnerability in Puppet Enterprise 2.8 prior to 2.8.7, Puppet prior to 2.7.26 and 3.x prior to 3.6.2, Facter 1.6.x and 2.x prior to 2.0.2, Hiera prior to 1.3.4, and Mcollective prior to 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to ga...
Puppetlabs Facter
Puppet Facter 2.0.1
Puppet Facter 2.0.0
Puppet Marionette Collective
Puppet Hiera
Puppet Puppet
Puppet Puppet Enterprise
NA
CVE-2012-3865
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet prior to 2.6.17 and 2.7.x prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server...
Puppetlabs Puppet
Puppet Puppet 2.7.8
Puppet Puppet 2.7.6
Puppet Puppet 2.7.11
Puppet Puppet 2.7.10
Puppet Puppet 2.7.9
Puppet Puppet 2.7.2
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.13
Puppet Puppet 2.7.12
Puppet Puppet 2.7.3
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.16
Puppet Puppet 2.7.14
Puppet Puppet 2.7.5
Puppet Puppet 2.7.4
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.5
Puppet Puppet 2.6.13
Puppet Puppet 2.6.9
Puppet Puppet 2.6.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »