Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet enterprise vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1640
The (1) template and (2) inline_template functions in the master server in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2 allows remote authenticated users to execute arbitrary code via a craf...
Puppet Puppet
Puppet Puppet 3.1.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.7.0
Puppet Puppet Enterprise 2.7.1
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
8.8
CVSSv3
CVE-2021-27021
A flaw exists in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
Puppet Puppet
Puppet Puppet Enterprise
Puppet Puppetdb
4.9
CVSSv3
CVE-2021-27022
A flaw exists in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).
Puppet Puppet
Puppet Puppet Enterprise
8.8
CVSSv3
CVE-2018-6513
Puppet Enterprise 2016.4.x before 2016.4.12, Puppet Enterprise 2017.3.x before 2017.3.7, Puppet Enterprise 2018.1.x before 2018.1.1, Puppet Agent 1.10.x before 1.10.13, Puppet Agent 5.3.x before 5.3.7, and Puppet Agent 5.5.x before 5.5.2, were vulnerable to an attack where an unp...
Puppet Puppet
Puppet Puppet Enterprise
NA
CVE-2013-1652
Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspe...
Puppetlabs Puppet
Puppet Puppet 2.7.11
Puppet Puppet 2.7.18
Puppet Puppet 2.7.17
Puppet Puppet 2.7.13
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.9
Puppet Puppet 2.7.3
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.7
Puppet Puppet 2.7.5
Puppet Puppet 2.7.8
Puppet Puppet 2.7.6
Puppet Puppet 2.7.16
Puppet Puppet 2.7.2
Puppet Puppet 2.7.4
Puppet Puppet 2.7.12
Puppet Puppet Enterprise 3.1.0
7.5
CVSSv3
CVE-2020-7943
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as wel...
Puppet Puppet Enterprise
Puppet Puppet Server
Puppet Puppetdb
2 Github repositories
6.5
CVSSv3
CVE-2021-27025
A flaw exists in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
Puppet Puppet Agent
Puppet Puppet
Puppet Puppet Enterprise
Fedoraproject Fedora 35
9.8
CVSSv3
CVE-2021-27023
A flaw exists in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
Puppet Puppet Server
Puppet Puppet Agent
Puppet Puppet Enterprise
Fedoraproject Fedora 35
NA
CVE-2013-2275
The default configuration for puppet masters 0.25.0 and later in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspeci...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.15
Puppet Puppet 2.6.16
Puppet Puppet 2.6.14
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppetlabs Puppet
Puppet Puppet 2.6.12
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.8
Puppet Puppet 2.6.6
Puppet Puppet 2.6.13
Puppet Puppet 2.6.11
Puppet Puppet 2.6.7
Puppet Puppet 2.6.5
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.9
Puppet Puppet 2.7.4
NA
CVE-2013-1653
Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authentica...
Puppet Puppet
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.7
Puppet Puppet 2.7.9
Puppet Puppet 2.7.17
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.6
Puppet Puppet 2.7.8
Puppet Puppet 2.7.10
Puppet Puppet 2.7.16
Puppet Puppet 2.7.18
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppetlabs Puppet 2.7.20
Puppet Puppet Enterprise 3.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525
CVE-2024-4652
CVE-2024-1438
CVE-2024-4671
CVE-2024-34351
arbitrary
CVE-2024-4650
SQL injection
overflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »