Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Puppet Subscribe
Total 122 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-1988 2 Puppet, Puppetlabs 4 Puppet, Puppet Enterprise, Puppet and 1 more 2019-07-11 6.0 MEDIUM N/A
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
CVE-2012-1989 2 Puppet, Puppetlabs 3 Puppet, Puppet Enterprise, Puppet 2019-07-11 3.6 LOW N/A
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
CVE-2012-1054 2 Puppet, Puppetlabs 4 Puppet, Puppet Enterprise, Puppet and 1 more 2019-07-11 4.4 MEDIUM N/A
Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
CVE-2012-1053 2 Puppet, Puppetlabs 4 Puppet, Puppet Enterprise, Puppet and 1 more 2019-07-11 6.9 MEDIUM N/A
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.
CVE-2011-3872 2 Puppet, Puppetlabs 4 Puppet, Puppet Enterprise, Puppet and 1 more 2019-07-11 2.6 LOW N/A
Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."
CVE-2012-1986 2 Puppet, Puppetlabs 4 Puppet, Puppet Enterprise, Puppet and 1 more 2019-07-11 2.1 LOW N/A
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.
CVE-2014-7170 1 Puppet 1 Puppet Server 2019-07-11 1.9 LOW N/A
Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.
CVE-2015-1029 1 Puppet 2 Puppet Enterprise, Stdlib 2019-07-11 6.5 MEDIUM N/A
The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.
CVE-2015-1426 2 Puppet, Puppetlabs 2 Facter, Facter 2019-07-11 2.1 LOW N/A
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
CVE-2012-0891 1 Puppet 2 Puppet Dashboard, Puppet Enterprise 2019-07-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
CVE-2014-3251 2 Puppet, Puppetlabs 2 Puppet Enterprise, Mcollective 2019-07-10 4.4 MEDIUM N/A
The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.
CVE-2013-3567 4 Canonical, Novell, Puppet and 1 more 6 Ubuntu Linux, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 3 more 2019-07-10 7.5 HIGH N/A
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
CVE-2013-4761 2 Puppet, Puppetlabs 3 Puppet, Puppet Enterprise, Puppet 2019-07-10 5.1 MEDIUM N/A
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.
CVE-2013-4762 1 Puppet 1 Puppet Enterprise 2019-07-10 5.8 MEDIUM N/A
Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID.
CVE-2013-4955 1 Puppet 1 Puppet Enterprise 2019-07-10 5.8 MEDIUM N/A
Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.
CVE-2013-4956 2 Puppet, Puppetlabs 3 Puppet, Puppet Enterprise, Puppet 2019-07-10 3.6 LOW N/A
Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.
CVE-2013-4957 1 Puppet 1 Puppet Enterprise 2019-07-10 6.8 MEDIUM N/A
The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.
CVE-2013-4958 1 Puppet 1 Puppet Enterprise 2019-07-10 6.9 MEDIUM N/A
Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation.
CVE-2013-4959 1 Puppet 1 Puppet Enterprise 2019-07-10 2.1 LOW N/A
Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache.
CVE-2013-4961 1 Puppet 1 Puppet Enterprise 2019-07-10 5.0 MEDIUM N/A
Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.