Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppetlabs puppet vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2024-3094
Malicious code exists in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific fun...
Tukaani Xz 5.6.1
Tukaani Xz 5.6.0
80 Github repositories
6 Articles
9.8
CVSSv3
CVE-2022-3275
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.
Puppet Puppetlabs-mysql
Fedoraproject Fedora 36
Fedoraproject Fedora 37
9.8
CVSSv3
CVE-2022-0675
In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state.
Puppet Firewall
9.8
CVSSv3
CVE-2015-7224
puppetlabs-mysql 3.1.0 up to and including 3.6.0 allow remote malicious users to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.
Puppet Puppetlabs-mysql
8.8
CVSSv3
CVE-2022-3276
Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterpri...
Puppet Puppetlabs-mysql
7.5
CVSSv3
CVE-2017-2299
Versions of the puppetlabs-apache module before 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust ce...
Puppet Puppetlabs-apache 1.4.1
Puppet Puppetlabs-apache 1.4.0
Puppet Puppetlabs-apache 1.3.0
Puppet Puppetlabs-apache 1.2.0
Puppet Puppetlabs-apache 0.0.4
Puppet Puppetlabs-apache 1.7.0
Puppet Puppetlabs-apache 1.5.0
Puppet Puppetlabs-apache 1.1.1
Puppet Puppetlabs-apache 1.0.1
Puppet Puppetlabs-apache 0.7.0
Puppet Puppetlabs-apache 0.4.0
Puppet Puppetlabs-apache 2.0.0
Puppet Puppetlabs-apache 1.11.0
Puppet Puppetlabs-apache 1.10.0
Puppet Puppetlabs-apache 1.8.1
Puppet Puppetlabs-apache 1.8.0
Puppet Puppetlabs-apache 0.11.0
Puppet Puppetlabs-apache 0.10.0
Puppet Puppetlabs-apache 0.9.0
Puppet Puppetlabs-apache 0.8.1
Puppet Puppetlabs-apache 1.7.1
Puppet Puppetlabs-apache 1.6.0
6.6
CVSSv3
CVE-2015-7331
The mcollective-puppet-agent plugin prior to 1.11.1 for Puppet allows remote malicious users to execute arbitrary code via vectors involving the --server argument.
Puppetlabs Mcollective-puppet-agent
6.5
CVSSv3
CVE-2019-10695
When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs...
Puppet Continuous Delivery
6.4
CVSSv3
CVE-2017-1000367
Todd Miller's sudo version 1.8.20 and previous versions is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
Sudo Project Sudo
1 EDB exploit
4 Github repositories
5.4
CVSSv3
CVE-2021-3469
Foreman versions prior to 2.3.4 and prior to 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternativ...
Theforeman Foreman
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »