Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2013-4971
Puppet Enterprise prior to 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Puppet Puppet Enterprise 3.0.1
Puppet Puppet Enterprise 3.1.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 3.0.0
6.5
CVSSv2
CVE-2021-27021
A flaw exists in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
Puppet Puppet
Puppet Puppet Enterprise
Puppet Puppetdb
6.5
CVSSv2
CVE-2015-1029
The puppetlabs-stdlib module 2.1 up to and including 3.0 and 4.1.0 up to and including 4.5.x prior to 4.5.1 for Puppet 2.8.8 and previous versions allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.
Puppet Stdlib 4.5.0
Puppet Stdlib 2.3.3
Puppet Stdlib 2.3.2
Puppet Stdlib 2.3.1
Puppet Stdlib 2.3.0
Puppet Stdlib 2.2.1
Puppet Stdlib 4.2.2
Puppet Stdlib 4.2.1
Puppet Stdlib 4.2.0
Puppet Stdlib 4.1.0
Puppet Stdlib 4.3.2
Puppet Stdlib 4.3.0
Puppet Stdlib 3.0.0
Puppet Stdlib 2.4.0
Puppet Stdlib 2.2.0
Puppet Stdlib 2.1.1
Puppet Stdlib 4.4.0
Puppet Stdlib 4.3.1
Puppet Stdlib 2.5.0
Puppet Stdlib 2.1.3
Puppet Stdlib 2.1.2
Puppet Stdlib 2.1.0
1 Github repository
NA
CVE-2023-2530
A privilege escalation allowing remote code execution exists in the orchestration service.
Puppet Puppet Enterprise 2023.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2023.1.0
4
CVSSv2
CVE-2021-27025
A flaw exists in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
Puppet Puppet Agent
Puppet Puppet
Puppet Puppet Enterprise
Fedoraproject Fedora 35
NA
CVE-2023-5255
For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.
Puppet Puppet Server 8.2.0
Puppet Puppet Server 8.2.1
Puppet Puppet 2023.3
6.2
CVSSv2
CVE-2014-3248
Untrusted search path vulnerability in Puppet Enterprise 2.8 prior to 2.8.7, Puppet prior to 2.7.26 and 3.x prior to 3.6.2, Facter 1.6.x and 2.x prior to 2.0.2, Hiera prior to 1.3.4, and Mcollective prior to 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to ga...
Puppetlabs Facter
Puppet Facter 2.0.1
Puppet Facter 2.0.0
Puppet Marionette Collective
Puppet Hiera
Puppet Puppet
Puppet Puppet Enterprise
5
CVSSv2
CVE-2020-7943
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as wel...
Puppet Puppet Enterprise
Puppet Puppet Server
Puppet Puppetdb
2 Github repositories
5
CVSSv2
CVE-2021-27023
A flaw exists in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
Puppet Puppet Server
Puppet Puppet Agent
Puppet Puppet Enterprise
Fedoraproject Fedora 35
NA
CVE-2023-1894
A Regular Expression Denial of Service (ReDoS) issue exists in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.
Puppet Puppet Enterprise 2021.7.1
Puppet Puppet Server 7.9.2
Puppet Puppet Enterprise 2023.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »