Debian Puppet vulnerabilities

CVE-2023-5255 [MEDIUM] CVE-2023-5255: puppet - For certificates that utilize the auto-renew feature in Puppet Server, a flaw ex... For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. Scope: local bullseye: resolved

CVE-2023-1894 [MEDIUM] CVE-2023-1894: puppet - A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Se... A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. Scope: local bullseye: resolved

CVE-2023-2530 [CRITICAL] CVE-2023-2530: puppet - A privilege escalation allowing remote code execution was discovered in the orch... A privilege escalation allowing remote code execution was discovered in the orchestration service. Scope: local bullseye: resolved

CVE-2021-27023 [CRITICAL] CVE-2021-27023: puppet - A flaw was discovered in Puppet Agent and Puppet Server that may result in a lea... A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 Scope: local bullseye: open

CVE-2021-27025 [MEDIUM] CVE-2021-27025: puppet - A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas... A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. Scope: local bullseye: open

CVE-2021-27022 [MEDIUM] CVE-2021-27022: puppet - A flaw was discovered in bolt-server and ace where running a task with sensitive... A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). Scope: local bullseye: resolved

CVE-2021-27017 [MEDIUM] CVE-2021-27017: puppet - Utilization of a module presented a security risk by allowing the deserializatio... Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release. Scope: local bullseye: resolved

CVE-2021-27020 [HIGH] CVE-2021-27020: puppet - Puppet Enterprise presented a security risk by not sanitizing user input when do... Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. Scope: local bullseye: resolved

CVE-2020-7942 [MEDIUM] CVE-2020-7942: puppet - Previously, Puppet operated on a model that a node with a valid certificate was ... Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can

CVE-2020-7943 [HIGH] CVE-2020-7943: puppet - Puppet Server and PuppetDB provide useful performance and debugging information ... Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local net

CVE-2018-6516 [HIGH] CVE-2018-6516: puppet - On Windows only, with a specifically crafted configuration file an attacker coul... On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation. Scope: local bullseye: resolved

CVE-2018-6513 [HIGH] CVE-2018-6513: puppet - Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior ... Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate pri

CVE-2018-11749 [CRITICAL] CVE-2018-11749: puppet - When users are configured to use startTLS with RBAC LDAP, at login time, the use... When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS score. Scope: local bullseye: resolved

CVE-2018-6515 [HIGH] CVE-2018-6515: puppet - Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Pup... Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation. Scope: local bullseye: resolved

CVE-2018-6510 [MEDIUM] CVE-2018-6510: puppet - A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Ente... A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. Scope: local bullseye: resolved

CVE-2018-6512 [CRITICAL] CVE-2018-6512: puppet - The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code ex... The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0. Scope: local bullseye: resolved

CVE-2018-6511 [MEDIUM] CVE-2018-6511: puppet - A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Ente... A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. Scope: local bullseye: resolved

CVE-2018-11751 [MEDIUM] CVE-2018-11751: puppet - Previous versions of Puppet Agent didn't verify the peer in the SSL connection p... Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0. Scope: local bullseye: resolved

CVE-2017-2295 [HIGH] CVE-2017-2295: puppet - Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the ... Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML. Scope: local bullseye:

CVE-2017-10689 [MEDIUM] CVE-2017-10689: puppet - In previous versions of Puppet Agent it was possible to install a module with wo... In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. Scope: local bullseye: resolved (fixed in 5.4.0-1)