Filtered by vendor Puppet
Subscriptions
Filtered by product Puppet Enterprise
Subscriptions
Total
88 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27025 | 3 Fedoraproject, Puppet, Redhat | 8 Fedora, Puppet, Puppet Agent and 5 more | 2024-08-03 | 6.5 Medium |
| A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. | ||||
| CVE-2021-27023 | 3 Fedoraproject, Puppet, Redhat | 7 Fedora, Puppet Agent, Puppet Enterprise and 4 more | 2024-08-03 | 9.8 Critical |
| A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 | ||||
| CVE-2021-27021 | 1 Puppet | 3 Puppet, Puppet Enterprise, Puppetdb | 2024-08-03 | 8.8 High |
| A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. | ||||
| CVE-2021-27022 | 1 Puppet | 2 Puppet, Puppet Enterprise | 2024-08-03 | 4.9 Medium |
| A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). | ||||
| CVE-2021-27020 | 1 Puppet | 1 Puppet Enterprise | 2024-08-03 | 8.8 High |
| Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. | ||||
| CVE-2021-27026 | 1 Puppet | 3 Puppet, Puppet Connect, Puppet Enterprise | 2024-08-03 | 4.4 Medium |
| A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged | ||||
| CVE-2023-2530 | 1 Puppet | 1 Puppet Enterprise | 2024-08-02 | 9.8 Critical |
| A privilege escalation allowing remote code execution was discovered in the orchestration service. | ||||
| CVE-2023-1894 | 2 Puppet, Redhat | 4 Puppet Enterprise, Puppet Server, Satellite and 1 more | 2024-08-02 | 5.3 Medium |
| A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. | ||||