Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet enterprise vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-27019
PuppetDB logging included potentially sensitive system information.
Puppet Puppet Enterprise
Puppet Puppetdb
4
CVSSv2
CVE-2020-7944
In Continuous Delivery for Puppet Enterprise (CD4PE) prior to 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.
Puppet Continuous Delivery
4
CVSSv2
CVE-2020-7942
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalo...
Puppet Puppet
Puppet Puppet Agent
4
CVSSv2
CVE-2017-10690
In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4
Puppet Puppet
Puppet Puppet Enterprise
Redhat Satellite 6.4
4
CVSSv2
CVE-2017-2296
In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2.
Puppet Puppet Enterprise 2017.1.0
Puppet Puppet Enterprise 2017.2.1
Puppet Puppet Enterprise 2017.1.1
4
CVSSv2
CVE-2014-9355
Puppet Enterprise prior to 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.
Puppet Puppet Enterprise
4
CVSSv2
CVE-2012-5158
Puppet Enterprise (PE) prior to 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
4
CVSSv2
CVE-2013-2275
The default configuration for puppet masters 0.25.0 and later in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspeci...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.15
Puppet Puppet 2.6.16
Puppet Puppet 2.6.14
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppetlabs Puppet
Puppet Puppet 2.6.12
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.8
Puppet Puppet 2.6.6
Puppet Puppet 2.6.13
Puppet Puppet 2.6.11
Puppet Puppet 2.6.7
Puppet Puppet 2.6.5
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.9
Puppet Puppet 2.7.4
4
CVSSv2
CVE-2012-3864
Puppet prior to 2.6.17 and 2.7.x prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.
Puppet Puppet 2.6.15
Puppetlabs Puppet
Puppet Puppet 2.6.11
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.6.0
Puppet Puppet 2.6.14
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.2
Puppet Puppet 2.7.10
Puppet Puppet 2.7.11
Puppet Puppet 2.7.8
Puppet Puppet 2.7.9
Puppet Puppet 2.7.17
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet 2.7.6
3.6
CVSSv2
CVE-2012-1989
telnet.rb in Puppet 2.7.x prior to 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
Puppet Puppet 2.7.8
Puppet Puppet 2.7.6
Puppet Puppet 2.7.11
Puppet Puppet 2.7.9
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.12
Puppet Puppet 2.7.4
Puppet Puppet 2.7.3
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.10
Puppet Puppet 2.7.5
Puppet Puppet Enterprise 1.2.1
Puppet Puppet Enterprise 1.2.4
Puppet Puppet Enterprise 2.0.1
Puppet Puppet Enterprise 2.5.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise 2.0.2
Puppet Puppet Enterprise 1.2.2
Puppet Puppet Enterprise 1.2.0
Puppet Puppet Enterprise 1.2.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »