Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2021-27019
PuppetDB logging included potentially sensitive system information.
Puppet Puppet Enterprise
Puppet Puppetdb
NA
CVE-2012-3408
lib/puppet/network/authstore.rb in Puppet prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote malicious users to spoof an agent by acquiring a previously used IP address.
Puppetlabs Puppet
Puppet Puppet Enterprise
9.8
CVSSv3
CVE-2018-6512
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions before 2018.1.1 and razor-server and pe-razor-server before 1.9.0.0.
Puppet Razor-server
Puppet Puppet Enterprise
Puppet Pe-razor-server
NA
CVE-2015-1426
Puppet Labs Facter 1.6.0 up to and including 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
Puppet Facter 1.6.0
Puppetlabs Facter 1.6.5
Puppet Facter 1.6.6
Puppetlabs Facter 1.6.6
Puppet Facter 1.6.7
Puppet Facter 1.6.13
Puppetlabs Facter 1.6.13
Puppet Facter 1.6.14
Puppetlabs Facter 1.6.14
Puppetlabs Facter 1.7.2
Puppet Facter 1.7.3
Puppetlabs Facter 1.7.3
Puppet Facter 1.7.4
Puppetlabs Facter 2.0.1
Puppet Facter 2.0.2
Puppet Facter 2.1.0
Puppetlabs Facter 1.6.1
Puppet Facter 1.6.2
Puppetlabs Facter 1.6.2
Puppet Facter 1.6.3
Puppetlabs Facter 1.6.9
Puppet Facter 1.6.10
7.8
CVSSv3
CVE-2018-6514
In Puppet Agent 1.10.x before 1.10.13, Puppet Agent 5.3.x before 5.3.7, Puppet Agent 5.5.x before 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.
Puppet Puppet
7.8
CVSSv3
CVE-2018-6515
Puppet Agent 1.10.x before 1.10.13, Puppet Agent 5.3.x before 5.3.7, and Puppet Agent 5.5.x before 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.
Puppet Puppet
5.3
CVSSv3
CVE-2016-2787
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x prior to 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.
Puppetlabs Puppet Enterprise 2015.3
Puppet Puppet Enterprise 2015.3.2
6.1
CVSSv3
CVE-2013-4968
Puppet Enterprise prior to 3.0.1 allows remote malicious users to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management."
Puppet Puppet Enterprise
8.8
CVSSv3
CVE-2015-5686
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an malicious user to redirect user input to an untrusted site or hijack a user session.
Puppet Puppet Enterprise
NA
CVE-2014-9355
Puppet Enterprise prior to 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.
Puppet Puppet Enterprise
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »