Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-3408
lib/puppet/network/authstore.rb in Puppet prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote malicious users to spoof an agent by acquiring a previously used IP address.
Puppetlabs Puppet
Puppet Puppet Enterprise
4.3
CVSSv3
CVE-2021-27019
PuppetDB logging included potentially sensitive system information.
Puppet Puppet Enterprise
Puppet Puppetdb
9.8
CVSSv3
CVE-2018-6512
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions before 2018.1.1 and razor-server and pe-razor-server before 1.9.0.0.
Puppet Razor-server
Puppet Puppet Enterprise
Puppet Pe-razor-server
NA
CVE-2015-1426
Puppet Labs Facter 1.6.0 up to and including 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
Puppet Facter 1.6.0
Puppetlabs Facter 1.6.5
Puppet Facter 1.6.6
Puppetlabs Facter 1.6.6
Puppet Facter 1.6.7
Puppet Facter 1.6.13
Puppetlabs Facter 1.6.13
Puppet Facter 1.6.14
Puppetlabs Facter 1.6.14
Puppetlabs Facter 1.7.2
Puppet Facter 1.7.3
Puppetlabs Facter 1.7.3
Puppet Facter 1.7.4
Puppetlabs Facter 2.0.1
Puppet Facter 2.0.2
Puppet Facter 2.1.0
Puppetlabs Facter 1.6.1
Puppet Facter 1.6.2
Puppetlabs Facter 1.6.2
Puppet Facter 1.6.3
Puppetlabs Facter 1.6.9
Puppet Facter 1.6.10
7.8
CVSSv3
CVE-2018-6515
Puppet Agent 1.10.x before 1.10.13, Puppet Agent 5.3.x before 5.3.7, and Puppet Agent 5.5.x before 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.
Puppet Puppet
7.8
CVSSv3
CVE-2018-6514
In Puppet Agent 1.10.x before 1.10.13, Puppet Agent 5.3.x before 5.3.7, Puppet Agent 5.5.x before 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.
Puppet Puppet
5.3
CVSSv3
CVE-2016-2787
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x prior to 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.
Puppetlabs Puppet Enterprise 2015.3
Puppet Puppet Enterprise 2015.3.2
9.8
CVSSv3
CVE-2016-5713
Versions of Puppet Agent before 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
Puppet Puppet Agent
9.8
CVSSv3
CVE-2023-5309
Versions of Puppet Enterprise before 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.
Puppet Puppet Enterprise
NA
CVE-2014-9355
Puppet Enterprise prior to 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.
Puppet Puppet Enterprise
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »