Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet enterprise vulnerabilities and exploits
(subscribe to this query)
4.4
CVSSv2
CVE-2014-3251
The MCollective aes_security plugin, as used in Puppet Enterprise prior to 3.3.0 and Mcollective prior to 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecif...
Puppetlabs Mcollective -
Puppet Puppet Enterprise
4
CVSSv2
CVE-2020-7942
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalo...
Puppet Puppet Agent
Puppet Puppet
4.3
CVSSv2
CVE-2015-1855
verify_certificate_identity in the OpenSSL extension in Ruby prior to 2.0.0 patchlevel 645, 2.1.x prior to 2.1.6, and 2.2.x prior to 2.2.2 does not properly validate hostnames, which allows remote malicious users to spoof servers via vectors related to (1) multiple wildcards, (1)...
Ruby-lang Ruby 2.0.0
Ruby-lang Trunk
Ruby-lang Ruby
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Puppet Puppet Enterprise
Puppet Puppet Agent 1.0.0
1 Github repository
6.5
CVSSv2
CVE-2019-10458
Jenkins Puppet Enterprise Pipeline 1.3.1 and previous versions specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
Jenkins Puppet Enterprise Pipeline
9
CVSSv2
CVE-2017-2290
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolve...
Puppet Mcollective-puppet-agent 1.12.0
2.1
CVSSv2
CVE-2013-4969
Puppet prior to 3.3.3 and 3.4 prior to 3.4.1 and Puppet Enterprise (PE) prior to 2.8.4 and 3.1 prior to 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.
Puppetlabs Puppet
Puppet Puppet Enterprise
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 13.04
Canonical Ubuntu Linux 13.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
5.5
CVSSv2
CVE-2021-27024
A flaw exists in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0
Puppet Continuous Delivery
NA
CVE-2022-2394
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.
Perforce Puppet Bolt
4
CVSSv2
CVE-2020-7944
In Continuous Delivery for Puppet Enterprise (CD4PE) prior to 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.
Puppet Continuous Delivery
NA
CVE-2022-3276
Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterpri...
Puppet Puppetlabs-mysql
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »