Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet enterprise vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-5158
Puppet Enterprise (PE) prior to 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
NA
CVE-2013-1398
The pe_mcollective module in Puppet Enterprise (PE) prior to 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the m...
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.5.2
Puppetlabs Puppet 2.6.0
NA
CVE-2013-1399
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) prior to 2.7.1 allow remote malicious users to hijack the authentication of unspecif...
Puppetlabs Puppet 2.6.0
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise
9.8
CVSSv3
CVE-2023-2530
A privilege escalation allowing remote code execution exists in the orchestration service.
Puppet Puppet Enterprise 2023.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2023.1.0
NA
CVE-2012-1906
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or i...
Puppet Puppet 2.6.12
Puppet Puppet 2.6.11
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.10
Puppet Puppet 2.6.9
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppet Puppet 2.6.13
Puppet Puppet 2.6.6
Puppet Puppet 2.6.5
Puppet Puppet 2.6.8
Puppet Puppet 2.6.7
Puppet Puppet 2.6.0
Puppet Puppet 2.6.14
Puppet Puppet 2.7.9
Puppet Puppet 2.7.8
Puppet Puppet 2.7.3
Puppet Puppet 2.7.11
Puppet Puppet 2.7.7
Puppet Puppet 2.7.6
Puppet Puppet 2.7.5
NA
CVE-2012-1986
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlin...
Puppet Puppet 2.6.13
Puppet Puppet 2.6.6
Puppet Puppet 2.6.5
Puppet Puppet 2.6.12
Puppet Puppet 2.6.11
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.8
Puppet Puppet 2.6.7
Puppet Puppet 2.6.0
Puppet Puppet 2.6.14
Puppet Puppet 2.6.10
Puppet Puppet 2.6.9
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.4
Puppet Puppet 2.7.9
Puppet Puppet 2.7.8
Puppet Puppet 2.7.3
Puppet Puppet 2.7.11
NA
CVE-2012-1987
Unspecified vulnerability in Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a...
Puppet Puppet 2.6.6
Puppet Puppet 2.6.5
Puppet Puppet 2.6.13
Puppet Puppet 2.6.12
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.9
Puppet Puppet 2.6.8
Puppet Puppet 2.6.7
Puppet Puppet 2.6.0
Puppet Puppet 2.6.14
Puppet Puppet 2.6.11
Puppet Puppet 2.6.10
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.9
Puppet Puppet 2.7.8
Puppet Puppet 2.7.4
Puppet Puppet 2.7.3
NA
CVE-2012-1053
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x prior to 2.6.14 and 2.7.x prior to 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x prior to 2.0.3 does not properly manage group privileges, which allows local users to gain...
Puppet Puppet 2.6.13
Puppet Puppet 2.6.5
Puppet Puppet 2.6.4
Puppet Puppet 2.6.10
Puppet Puppet 2.6.9
Puppet Puppet 2.6.8
Puppet Puppet 2.6.1
Puppet Puppet 2.6.0
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet 2.6.12
Puppet Puppet 2.6.11
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.7.9
Puppet Puppet 2.7.8
Puppet Puppet 2.7.4
Puppet Puppet 2.7.3
Puppet Puppet 2.7.5
Puppet Puppet 2.7.2
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.1
NA
CVE-2012-1054
Puppet 2.6.x prior to 2.6.14 and 2.7.x prior to 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x prior to 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
Puppet Puppet 2.6.11
Puppet Puppet 2.6.10
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet 2.6.13
Puppet Puppet 2.6.12
Puppet Puppet 2.6.5
Puppet Puppet 2.6.4
Puppet Puppet 2.6.9
Puppet Puppet 2.6.8
Puppet Puppet 2.6.1
Puppet Puppet 2.6.0
Puppet Puppet 2.7.10
Puppet Puppet 2.7.9
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.4
Puppet Puppet 2.7.8
Puppet Puppet 2.7.7
Puppet Puppet 2.7.3
Puppet Puppet 2.7.2
6.5
CVSSv3
CVE-2017-2296
In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2.
Puppet Puppet Enterprise 2017.1.0
Puppet Puppet Enterprise 2017.2.1
Puppet Puppet Enterprise 2017.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »