Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet enterprise vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2015-1855
verify_certificate_identity in the OpenSSL extension in Ruby prior to 2.0.0 patchlevel 645, 2.1.x prior to 2.1.6, and 2.2.x prior to 2.2.2 does not properly validate hostnames, which allows remote malicious users to spoof servers via vectors related to (1) multiple wildcards, (1)...
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby
Ruby-lang Trunk
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Puppet Puppet Agent 1.0.0
Puppet Puppet Enterprise
1 Github repository
6.5
CVSSv3
CVE-2020-7942
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalo...
Puppet Puppet
Puppet Puppet Agent
NA
CVE-2013-4969
Puppet prior to 3.3.3 and 3.4 prior to 3.4.1 and Puppet Enterprise (PE) prior to 2.8.4 and 3.1 prior to 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.
Puppetlabs Puppet
Puppet Puppet Enterprise
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 13.04
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 13.10
8.8
CVSSv3
CVE-2017-2290
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolve...
Puppet Mcollective-puppet-agent 1.12.0
8.1
CVSSv3
CVE-2021-27024
A flaw exists in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0
Puppet Continuous Delivery
3.5
CVSSv3
CVE-2022-2394
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.
Perforce Puppet Bolt
7.7
CVSSv3
CVE-2020-7944
In Continuous Delivery for Puppet Enterprise (CD4PE) prior to 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.
Puppet Continuous Delivery
8.8
CVSSv3
CVE-2022-3276
Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterpri...
Puppet Puppetlabs-mysql
5.5
CVSSv3
CVE-2020-7945
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.
Puppet Continuous Delivery 4.0.0
9.8
CVSSv3
CVE-2022-3275
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.
Puppet Puppetlabs-mysql
Fedoraproject Fedora 36
Fedoraproject Fedora 37
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9