Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet enterprise vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-6510
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions before 2017.3.6.
Puppet Puppet Enterprise
6.1
CVSSv3
CVE-2016-5715
Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: thi...
Puppet Puppet Enterprise
6.1
CVSSv3
CVE-2015-6501
Open redirect vulnerability in the Console in Puppet Enterprise prior to 2015.2.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter.
Puppet Puppet Enterprise
6.1
CVSSv3
CVE-2015-6502
Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise prior to 2015.2.1 allows remote malicious users to inject arbitrary web script or HTML via the string parameter, related to Login Redirect.
Puppet Puppet Enterprise
9.8
CVSSv3
CVE-2019-10694
The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise ...
Puppet Puppet Enterprise
NA
CVE-2013-1652
Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspe...
Puppetlabs Puppet
Puppet Puppet 2.7.11
Puppet Puppet 2.7.18
Puppet Puppet 2.7.17
Puppet Puppet 2.7.13
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.9
Puppet Puppet 2.7.3
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.7
Puppet Puppet 2.7.5
Puppet Puppet 2.7.8
Puppet Puppet 2.7.6
Puppet Puppet 2.7.16
Puppet Puppet 2.7.2
Puppet Puppet 2.7.4
Puppet Puppet 2.7.12
Puppet Puppet Enterprise 3.1.0
9.8
CVSSv3
CVE-2018-6512
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions before 2018.1.1 and razor-server and pe-razor-server before 1.9.0.0.
Puppet Razor-server
Puppet Puppet Enterprise
Puppet Pe-razor-server
8.8
CVSSv3
CVE-2015-7330
Puppet Enterprise 2015.3 prior to 2015.3.1 allows remote malicious users to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol.
Puppet Puppet Enterprise 2015.3.0
NA
CVE-2014-3248
Untrusted search path vulnerability in Puppet Enterprise 2.8 prior to 2.8.7, Puppet prior to 2.7.26 and 3.x prior to 3.6.2, Facter 1.6.x and 2.x prior to 2.0.2, Hiera prior to 1.3.4, and Mcollective prior to 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to ga...
Puppetlabs Facter
Puppet Facter 2.0.1
Puppet Facter 2.0.0
Puppet Marionette Collective
Puppet Hiera
Puppet Puppet
Puppet Puppet Enterprise
NA
CVE-2012-1988
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by crea...
Puppet Puppet
Puppet Puppet Enterprise 1.0
Puppet Puppet Enterprise 1.1
Puppet Puppet Enterprise
Fedoraproject Fedora 17
Fedoraproject Fedora 16
Fedoraproject Fedora 15
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 10.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »