Filter
AND
Versions
2.5.1
19
3.0.0
17
2.0.0
16
2.5.2
15
2.8.0
15
2.8.1
14
2.8.2
13
1.2.0
12
2.8.3
11
1.2.1
8
1.2.2
8
1.2.3
8
2.0.1
8
2.0.2
8
1.2.4
7
3.1.0
7
2.7.0
6
2017.1.0
6
2.5.0
5
2015.2.0
5
2017.1.1
5
2018.1.0
5
1.0
4
1.1
4
2.7.1
4
2016.5.1
4
3.8.0
4
2015.3.0
3
2015.3.2
3
2015.3.3
3
2016.1.1
3
2016.2.0
3
2016.4.0
3
2016.5.2
3
2017.3.0
3
2023.0
3
3.0.1
3
3.7.0
3
2015.2.1
2
2015.2.2
2
2015.2.3
2
2016.1.2
2
2016.2.1
2
2017.2.1
2
2019.0
2
2021.0.0
2
3.1.1
2
3.7.2
2
2.0.3
1
2.6.0
1
2.7.2
1
2.8.4
1
2.8.5
1
2.8.6
1
2.8.8
1
2015.3.1
1
2016.4.14
1
2016.4.3
1
2017.2.3
1
2017.3.2
1
2017.3.9
1
2018.1.3
1
2021.7.0
1
2021.7.1
1
2021.7.3
1
2023.1.0
1
3.1
1
3.2.0
1
3.8.1
1
3.8.2
1
3.8.6
1
CVE-2023-5309Broken Session Management in Puppet Enterprise
9.8
First published (updated )
Puppet Puppet EnterprisePuppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a special…
8
First published (updated )
Puppet Puppet EnterprisePuppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https sessi…
First published (updated )
Puppet PuppetPuppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet …
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Puppet Puppet EnterprisePuppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users befor…
7.5
First published (updated )
Puppet Puppet EnterprisePuppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors r…
First published (updated )
Puppet Puppet EnterpriseThe console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads th…
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Puppet Puppet EnterpriseWhen users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are …
9.8
First published (updated )
Puppet Puppet EnterpriseXSS Vulnerability in Puppet Enterprise Console
5.4
First published (updated )
Puppet Puppet EnterprisePuppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a…
First published (updated )
Puppet Puppet EnterpriseXSS Vulnerability in Puppet Enterprise Console
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Puppet Puppet EnterpriseVersions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuratio…
5.5
First published (updated )
Puppet Puppet EnterprisePuppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret ha…
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Puppet Puppetlib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 …
2.1
First published (updated )
Puppet Puppettelnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.…
3.6
First published (updated )
Puppet PuppetPuppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x…
3.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Puppet PuppetPuppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x…
2.1
First published (updated )
Puppet PuppetUnspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterpri…
3.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.