Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet enterprise vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-2716
Puppet Labs Puppet Enterprise prior to 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote malicious users to obtain console access via a crafted cookie.
Puppet Puppet Enterprise 2.5.2
Puppetlabs Puppet 2.6.0
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
Puppet Puppet Enterprise
Puppetlabs Puppet 1.1.0
Puppetlabs Puppet 1.0.0
Puppet Puppet Enterprise 2.0.0
Puppetlabs Puppet 1.2.0
NA
CVE-2013-3567
Puppet 2.7.x prior to 2.7.22 and 3.2.x prior to 3.2.2, and Puppet Enterprise prior to 2.8.2, deserializes untrusted YAML, which allows remote malicious users to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.10
Puppet Puppet 2.7.18
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 3.2.0
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.21
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.2
Puppet Puppet 3.2.1
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.16
Puppet Puppet 2.7.17
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 13.04
Novell Suse Linux Enterprise Server 11.0
Novell Suse Linux Enterprise Desktop 11.0
Novell Suse Linux Enterprise Desktop 11
1 Article
NA
CVE-2011-3872
Puppet 2.6.x prior to 2.6.12 and 2.7.x prior to 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 prior to 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which all...
Puppet Puppet 2.6.1
Puppet Puppet 2.6.8
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.4
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet 2.7.3
Puppet Puppet 2.7.5
Puppet Puppet 2.6.0
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.11
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.7.2
Puppetlabs Puppet 2.7.1
Puppet Puppet Enterprise 1.2.2
Puppet Puppet Enterprise 1.2.3
Puppetlabs Puppet Enterprise Users 1.0
Puppet Puppet Enterprise 1.2.0
1 Github repository
5.3
CVSSv3
CVE-2016-9686
The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2016.5.1
6.8
CVSSv3
CVE-2015-4100
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
Puppet Puppet Enterprise 3.8.0
Puppet Puppet Enterprise
NA
CVE-2013-4965
Puppet Enterprise prior to 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote malicious users to bypass intended access restrictions via a brute-force attack.
Puppet Puppet Enterprise 3.0.0
Puppet Puppet Enterprise
5.3
CVSSv3
CVE-2023-1894
A Regular Expression Denial of Service (ReDoS) issue exists in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.
Puppet Puppet Enterprise 2021.7.1
Puppet Puppet Server 7.9.2
Puppet Puppet Enterprise 2023.0
NA
CVE-2012-0891
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 prior to 1.2.5 and Enterprise 1.0 prior to 1.2.5 and 2.x prior to 2.0.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified fields.
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise 1.0
Puppet Puppet Enterprise 1.1
Puppet Puppet Enterprise 1.2.0
Puppet Puppet Dashboard 1.0.3
Puppet Puppet Dashboard 1.2.3
Puppet Puppet Dashboard 1.1.0
Puppet Puppet Dashboard 1.1.1
Puppet Puppet Dashboard 1.2.0
Puppet Puppet Dashboard 1.2.1
Puppet Puppet Dashboard 1.0.0
Puppet Puppet Dashboard 1.0.4
Puppet Puppet Dashboard 1.2.2
Puppet Puppet Dashboard 1.2.4
NA
CVE-2013-1640
The (1) template and (2) inline_template functions in the master server in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2 allows remote authenticated users to execute arbitrary code via a craf...
Puppet Puppet
Puppet Puppet 3.1.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.7.0
Puppet Puppet Enterprise 2.7.1
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
4.9
CVSSv3
CVE-2021-27022
A flaw exists in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).
Puppet Puppet
Puppet Puppet Enterprise
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »