Vulmon
puppet puppet vulnerabilities and exploits
NA
CVE-2024-27294
dp-golang is a Puppet module for Go installations. Before 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 up to and including 1.21rc3, ...
NA
CVE-2023-5309
Versions of Puppet Enterprise before 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.
Puppet Puppet Enterprise
NA
CVE-2023-5214
In Puppet Bolt versions before 3.27.4, a path to escalate privileges was identified.
Puppet Bolt
NA
CVE-2023-5255
For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.
Puppet Puppet Server 8.2.0
Puppet Puppet Server 8.2.1
Puppet Puppet 2023.3
NA
CVE-2023-2530
A privilege escalation allowing remote code execution exists in the orchestration service.
Puppet Puppet Enterprise 2023.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2023.1.0
NA
CVE-2023-1894
A Regular Expression Denial of Service (ReDoS) issue exists in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.
Puppet Puppet Enterprise 2021.7.1
Puppet Puppet Server 7.9.2
Puppet Puppet Enterprise 2023.0
NA
CVE-2022-25350
All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization.
Helecloud Puppet-facter
NA
CVE-2022-3275
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.
Puppet Puppetlabs-mysql
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2022-3276
Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterpri...
Puppet Puppetlabs-mysql
NA
CVE-2022-2394
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.
Perforce Puppet Bolt