Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-4762
Puppet Enterprise prior to 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote malicious users to hijack sessions by obtaining an old session ID.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.1
NA
CVE-2013-4957
The dashboard report in Puppet Enterprise prior to 3.0.1 allows malicious users to execute arbitrary YAML code via a crafted report-specific type.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.1
NA
CVE-2013-4958
Puppet Enterprise prior to 3.0.1 does not use a session timeout, which makes it easier for malicious users to gain privileges by leveraging an unattended workstation.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
NA
CVE-2013-4962
The reset password page in Puppet Enterprise prior to 3.0.1 does not force entry of the current password, which allows malicious users to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
NA
CVE-2013-4967
Puppet Enterprise prior to 3.0.1 allows remote malicious users to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.5.1
NA
CVE-2013-3567
Puppet 2.7.x prior to 2.7.22 and 3.2.x prior to 3.2.2, and Puppet Enterprise prior to 2.8.2, deserializes untrusted YAML, which allows remote malicious users to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.10
Puppet Puppet 2.7.18
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 3.2.0
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.21
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.2
Puppet Puppet 3.2.1
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.16
Puppet Puppet 2.7.17
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 13.04
Novell Suse Linux Enterprise Server 11.0
Novell Suse Linux Enterprise Desktop 11.0
Novell Suse Linux Enterprise Desktop 11
1 Article
NA
CVE-2014-3249
Puppet Enterprise 2.8.x prior to 2.8.7 allows remote malicious users to obtain sensitive information via vectors involving hiding and unhiding nodes.
Puppet Puppet Enterprise 2.8.5
Puppet Puppet Enterprise 2.8.6
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.8.4
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.3
9.8
CVSSv3
CVE-2016-2786
The pxp-agent component in Puppet Enterprise 2015.3.x prior to 2015.3.3 and Puppet Agent 1.3.x prior to 1.3.6 does not properly validate server certificates, which might allow remote malicious users to spoof brokers and execute arbitrary commands via a crafted certificate.
Puppet Puppet Agent 1.3.0
Puppet Puppet Agent 1.3.1
Puppet Puppet Agent 1.3.2
Puppet Puppet Agent 1.3.4
Puppet Puppet Agent 1.3.5
Puppet Puppet Enterprise 2015.3.0
Puppet Puppet Enterprise 2015.3.2
NA
CVE-2011-0528
Puppet 2.6.0 up to and including 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
Puppet Puppet 2.6.3
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
7.2
CVSSv3
CVE-2016-5714
Puppet Enterprise 2015.3.3 and 2016.x prior to 2016.4.0, and Puppet Agent 1.3.6 up to and including 1.7.0 allow remote malicious users to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "P...
Puppet Puppet Enterprise 2015.3.3
Puppet Puppet Enterprise 2016.1.1
Puppet Puppet Enterprise 2016.1.2
Puppet Puppet Enterprise 2016.2.0
Puppet Puppet Enterprise 2016.2.1
Puppet Puppet Agent
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »