Latest puppet puppet enterprise Vulnerabilities

CVE-2023-5309
Broken Session Management in Puppet Enterprise
Puppet Puppet Enterprise<2021.7.6
Puppet Puppet Enterprise>=2023.0<2023.5.0
CVE-2023-1894
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down ...
Puppet Puppet Enterprise=2021.7.1
Puppet Puppet Enterprise=2023.0
Puppet Puppet Server=7.9.2
redhat/puppet-server<7.11.0
redhat/puppet-server<8.0.0
CVE-2021-27023
Puppet Puppet Agent<6.25.1
Puppet Puppet Agent>=7.0.0<7.12.1
Puppet Puppet Enterprise<2019.8.9
Puppet Puppet Enterprise>=2021.0.0<2021.4
Puppet Puppet Server<6.17.1
Puppet Puppet Server>=7.0.0<7.4.2
and 1 more
CVE-2021-27026
A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged
Puppet Puppet>=2021.0.0<2021.4.0
Puppet Puppet Connect<0.4.0
Puppet Puppet Enterprise<2019.8.9
CVE-2021-27025
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
Puppet Puppet>=2021.0.0<2021.4.0
Puppet Puppet Agent<6.25.1
Puppet Puppet Agent>=5.5.0<=5.5.22
Puppet Puppet Agent>=7.0.0<7.12.1
Puppet Puppet Enterprise<2019.8.9
Fedoraproject Fedora=35
CVE-2021-27020
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.
Puppet Puppet Enterprise<2019.8.6
CVE-2020-7943
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource nam...
Puppet Puppet Enterprise>=2018.1.0<2018.1.15
Puppet Puppet Enterprise>=2019.0<2019.7.0
Puppet Puppet Server<5.3.13
Puppet Puppet Server>=6.0.0<6.11.1
Puppet Puppetdb<5.2.15
Puppet Puppetdb>=6.0.0<6.10.1
and 279 more
CVE-2015-5686
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrust...
Puppet Puppet Enterprise>=3.0.0<2015.2.0
CVE-2013-4968
Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspec...
Puppet Puppet Enterprise>=2.0.0<3.0.1
CVE-2018-11749
When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4...
Puppet Puppet Enterprise<=2016.4.14
Puppet Puppet Enterprise>=2017.3.0<=2017.3.9
Puppet Puppet Enterprise>=2018.1.0<=2018.1.3
CVE-2018-6512
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and...
Puppet Pe-razor-server<1.9.0.0
Puppet Puppet Enterprise>=2018.1.0<2018.1.1
Puppet Razor-server<1.9.0.0
CVE-2018-6513
Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prio...
Puppet Puppet>=1.10.0<1.10.13
Puppet Puppet>=5.3.0<5.3.7
Puppet Puppet>=5.5.0<5.5.2
Puppet Puppet Enterprise>=2016.4.0<2016.4.12
Puppet Puppet Enterprise>=2017.3.0<2017.3.7
Puppet Puppet Enterprise>=2018.1.0<2018.1.1
CVE-2018-6511
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affe...
Puppet Puppet Enterprise<2017.3.6
CVE-2018-6510
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases...
Puppet Puppet Enterprise<2017.3.6

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203