Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-27019
PuppetDB logging included potentially sensitive system information.
Puppet Puppet Enterprise
Puppet Puppetdb
2.6
CVSSv2
CVE-2012-3408
lib/puppet/network/authstore.rb in Puppet prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote malicious users to spoof an agent by acquiring a previously used IP address.
Puppetlabs Puppet
Puppet Puppet Enterprise
7.5
CVSSv2
CVE-2018-6512
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions before 2018.1.1 and razor-server and pe-razor-server before 1.9.0.0.
Puppet Razor-server
Puppet Puppet Enterprise
Puppet Pe-razor-server
2.1
CVSSv2
CVE-2015-1426
Puppet Labs Facter 1.6.0 up to and including 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
Puppet Facter 1.6.0
Puppetlabs Facter 1.6.5
Puppet Facter 1.6.6
Puppetlabs Facter 1.6.6
Puppet Facter 1.6.7
Puppet Facter 1.6.13
Puppetlabs Facter 1.6.13
Puppet Facter 1.6.14
Puppetlabs Facter 1.6.14
Puppetlabs Facter 1.7.2
Puppet Facter 1.7.3
Puppetlabs Facter 1.7.3
Puppet Facter 1.7.4
Puppetlabs Facter 2.0.1
Puppet Facter 2.0.2
Puppet Facter 2.1.0
Puppetlabs Facter 1.6.1
Puppet Facter 1.6.2
Puppetlabs Facter 1.6.2
Puppet Facter 1.6.3
Puppetlabs Facter 1.6.9
Puppet Facter 1.6.10
6.8
CVSSv2
CVE-2018-6514
In Puppet Agent 1.10.x before 1.10.13, Puppet Agent 5.3.x before 5.3.7, Puppet Agent 5.5.x before 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.
Puppet Puppet
6.8
CVSSv2
CVE-2018-6515
Puppet Agent 1.10.x before 1.10.13, Puppet Agent 5.3.x before 5.3.7, and Puppet Agent 5.5.x before 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.
Puppet Puppet
5
CVSSv2
CVE-2016-2787
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x prior to 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.
Puppetlabs Puppet Enterprise 2015.3
Puppet Puppet Enterprise 2015.3.2
5
CVSSv2
CVE-2018-11749
When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. ...
Puppet Puppet Enterprise
4.8
CVSSv2
CVE-2018-11751
Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.
Puppet Puppet Server
5.8
CVSSv2
CVE-2016-5715
Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: thi...
Puppet Puppet Enterprise
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »