Puppet Enterprise vulnerabilities
89 known vulnerabilities affecting puppet/puppet_enterprise.
Total CVEs
89
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL9HIGH18MEDIUM51LOW11
Vulnerabilities
Page 1 of 5
CVE-2020-7943P2HIGHCVSS 7.5PoC≥ 2018.1.0, < 2018.1.15≥ 2019.0, < 2019.7.0+1 more2020-03-11
CVE-2020-7943 [HIGH] CWE-276 CVE-2020-7943: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics AP
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open
nvd
CVE-2017-7529P2HIGHCVSS 7.5fixed in 2016.4.7≥ 2017.1.0, ≤ 2017.1.1+1 more2017-07-13
CVE-2017-7529 [HIGH] CWE-190 CVE-2017-7529: Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerabili
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
nvd
CVE-2016-2788P3CRITICALCVSS 9.8≥ 3.8.0, < 3.8.6≥ 2016.2.0, < 2016.2.12017-02-13
CVE-2016-2788 [CRITICAL] CWE-284 CVE-2016-2788: MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to e
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
nvd
CVE-2023-2530P2CRITICALCVSS 9.8≥ 2021.7.0, ≤ 2021.7.3v2023.0+3 more2023-06-07
CVE-2023-2530 [CRITICAL] CVE-2023-2530: A privilege escalation allowing remote code execution was discovered in the orchestration service.
A privilege escalation allowing remote code execution was discovered in the orchestration service.
nvd
CVE-2025-5459P3HIGHCVSS 8.8≥ 2018.1.8, < 2023.8.4v2025.3.02025-06-26
CVE-2025-5459 [HIGH] CWE-78 CVE-2025-5459: A user with specific node group editing permissions and a specially crafted class parameter could be
A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.
nvd
CVE-2018-6512P3CRITICALCVSS 9.8≥ 2018.1.0, < 2018.1.12018-06-11
CVE-2018-6512 [CRITICAL] CWE-94 CVE-2018-6512: The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgradi
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0.
nvd
CVE-2015-7330P3HIGHCVSS 8.8v2015.3.02016-04-11
CVE-2015-7330 [HIGH] CWE-254 CVE-2015-7330: Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protecti
Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol.
nvd
CVE-2013-1640P3CRITICALCVSS 9.0fixed in 1.2.7v2.7.0+1 more2013-03-20
CVE-2013-1640 [CRITICAL] CVE-2013-1640: The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7
The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.
nvd
CVE-2016-5716P3HIGHCVSS 8.8v2015.2.0v2015.2.1+11 more2017-08-09
CVE-2016-5716 [HIGH] CWE-134 CVE-2016-5716: The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads th
The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.
nvd
CVE-2016-2786P3CRITICALCVSS 9.8v2015.3.0v2015.3.22016-06-10
CVE-2016-2786 [CRITICAL] CWE-20 CVE-2016-2786: The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before
The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate.
nvd
CVE-2013-3567P3HIGHCVSS 7.5≤ 2.8.1v1.0+6 more2013-08-19
CVE-2013-3567 [HIGH] CWE-20 CVE-2013-3567: Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
nvd
CVE-2021-27021P3HIGHCVSS 8.8fixed in 2019.8.7≥ 2021.0.0, < 2021.2.02021-07-20
CVE-2021-27021 [HIGH] CWE-1027 CVE-2021-27021: A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows th
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
nvd
CVE-2016-5714P3HIGHCVSS 7.2v2015.3.3v2016.1.1+3 more2017-10-18
CVE-2016-5714 [HIGH] CWE-284 CVE-2016-5714: Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow re
Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability."
nvd
CVE-2023-5309P3CRITICALCVSS 9.8fixed in 2021.7.6≥ 2023.0, < 2023.5.0+2 more2023-11-07
CVE-2023-5309 [CRITICAL] CWE-384 CVE-2023-5309: Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken se
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.
nvd
CVE-2013-1655P3HIGHCVSS 7.5v3.1.02013-03-20
CVE-2013-1655 [HIGH] CWE-20 CVE-2013-1655: Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote a
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
nvd
CVE-2019-10694P3CRITICALCVSS 9.8≥ 2018.1.0, < 2018.1.9≥ 2019.0, < 2019.0.3+1 more2019-12-12
CVE-2019-10694 [CRITICAL] CWE-798 CVE-2019-10694: The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL a
The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9.
nvd
CVE-2021-27023P3CRITICALCVSS 9.8fixed in 2019.8.9≥ 2021.0.0, < 2021.42021-11-18
CVE-2021-27023 [CRITICAL] CVE-2021-27023: A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credential
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
nvd
CVE-2018-11749P3CRITICALCVSS 9.8≤ 2016.4.14≥ 2017.3.0, ≤ 2017.3.9+4 more2018-08-24
CVE-2018-11749 [CRITICAL] CWE-319 CVE-2018-11749: When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are
When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS score.
nvd
CVE-2018-6513P3HIGHCVSS 8.8≥ 2016.4.0, < 2016.4.12≥ 2017.3.0, < 2017.3.7+1 more2018-06-11
CVE-2018-6513 [HIGH] CWE-426 CVE-2018-6513: Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet
Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that c
nvd
CVE-2018-6508P3HIGHCVSS 8.0≥ 2017.3.0, ≤ 2017.3.2v2017.3.x prior to 2017.3.42018-02-09
CVE-2018-6508 [HIGH] CWE-134 CVE-2018-6508: Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a special
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.
nvd
1 / 5Next →