Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet agent vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2017-2290
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolve...
Puppet Mcollective-puppet-agent 1.12.0
9
CVSSv2
CVE-2013-1640
The (1) template and (2) inline_template functions in the master server in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2 allows remote authenticated users to execute arbitrary code via a craf...
Puppet Puppet
Puppet Puppet 3.1.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.7.0
Puppet Puppet Enterprise 2.7.1
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
7.5
CVSSv2
CVE-2016-5713
Versions of Puppet Agent before 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
Puppet Puppet Agent
7.5
CVSSv2
CVE-2016-2786
The pxp-agent component in Puppet Enterprise 2015.3.x prior to 2015.3.3 and Puppet Agent 1.3.x prior to 1.3.6 does not properly validate server certificates, which might allow remote malicious users to spoof brokers and execute arbitrary commands via a crafted certificate.
Puppet Puppet Agent 1.3.0
Puppet Puppet Agent 1.3.1
Puppet Puppet Agent 1.3.2
Puppet Puppet Agent 1.3.4
Puppet Puppet Agent 1.3.5
Puppet Puppet Enterprise 2015.3.0
Puppet Puppet Enterprise 2015.3.2
7.5
CVSSv2
CVE-2016-2785
Puppet Server prior to 2.3.2 and Ruby puppetmaster in Puppet 4.x prior to 4.4.2 and in Puppet Agent prior to 1.4.2 might allow remote malicious users to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
Puppet Puppet 4.0.0
Puppet Puppet 4.1.0
Puppet Puppet 4.2.0
Puppet Puppet 4.2.1
Puppet Puppet 4.2.2
Puppet Puppet 4.2.3
Puppet Puppet 4.3.0
Puppet Puppet 4.3.1
Puppet Puppet 4.3.2
Puppet Puppet 4.4.0
Puppet Puppet 4.4.1
Puppet Puppet Server 2.0.0
Puppet Puppet Server 2.1.0
Puppet Puppet Server 2.1.1
Puppet Puppet Server 2.1.2
Puppet Puppet Server 2.2.0
Puppet Puppet Server 2.3.0
Puppet Puppet Server 2.3.1
Puppet Puppet Agent 1.4.1
7.5
CVSSv2
CVE-2013-1655
Puppet 2.7.x prior to 2.7.21 and 3.1.x prior to 3.1.1, when running Ruby 1.9.3 or later, allows remote malicious users to execute arbitrary code via vectors related to "serialized attributes."
Puppetlabs Puppet 2.7.20
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.16
Puppet Puppet 2.7.3
Puppet Puppet 2.7.11
Puppet Puppet 2.7.2
Puppet Puppet 2.7.13
Puppet Puppet 2.7.8
Puppet Puppet 2.7.10
Puppet Puppet Enterprise 3.1.0
Puppet Puppet 2.7.18
Puppet Puppet 2.7.17
Puppet Puppet 2.7.9
Puppet Puppet 2.7.4
Puppetlabs Puppet 2.7.19
Puppet Puppet 2.7.6
Puppet Puppet 2.7.7
Puppet Puppet 2.7.5
Puppet Puppet 2.7.14
Puppet Puppet 2.7.12
7.1
CVSSv2
CVE-2013-1653
Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authentica...
Puppet Puppet
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.7
Puppet Puppet 2.7.9
Puppet Puppet 2.7.17
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.6
Puppet Puppet 2.7.8
Puppet Puppet 2.7.10
Puppet Puppet 2.7.16
Puppet Puppet 2.7.18
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppetlabs Puppet 2.7.20
Puppet Puppet Enterprise 3.1.0
6.8
CVSSv2
CVE-2018-6514
In Puppet Agent 1.10.x before 1.10.13, Puppet Agent 5.3.x before 5.3.7, Puppet Agent 5.5.x before 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.
Puppet Puppet
6.8
CVSSv2
CVE-2018-6515
Puppet Agent 1.10.x before 1.10.13, Puppet Agent 5.3.x before 5.3.7, and Puppet Agent 5.5.x before 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.
Puppet Puppet
6.5
CVSSv2
CVE-2018-6513
Puppet Enterprise 2016.4.x before 2016.4.12, Puppet Enterprise 2017.3.x before 2017.3.7, Puppet Enterprise 2018.1.x before 2018.1.1, Puppet Agent 1.10.x before 1.10.13, Puppet Agent 5.3.x before 5.3.7, and Puppet Agent 5.5.x before 5.5.2, were vulnerable to an attack where an unp...
Puppet Puppet
Puppet Puppet Enterprise
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »