cvebase

Puppet Enterprise vulnerabilities

89 known vulnerabilities affecting puppet/puppet_enterprise.

Total CVEs: 89
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 18, MEDIUM 51, LOW 11

Vulnerabilities

Page 2 of 5
CVE-2013-1653 | P3 | HIGH | CVSS 7.1 | v3.1.0; v2.7.0; +1 more | 2013-03-20
CVE-2013-1653 [HIGH]: Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.
nvd
CVE-2021-27020 | P3 | HIGH | CVSS 8.8 | fixed in 2019.8.6; vPuppet Enterprise prior to 2019.8.6 | 2021-08-30
CVE-2021-27020 [HIGH] CWE-1236: Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.
nvd
CVE-2017-2297 | P3 | HIGH | CVSS 7.5 | fixed in 2016.4.5; v2016.5.1; +4 more | 2018-02-01
CVE-2017-2297 [HIGH] CWE-287: Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens.
nvd
CVE-2013-1398 | P3 | HIGH | CVSS 8.5 | ≤ 2.7.0; v2.0.0; +2 more | 2014-03-14
CVE-2013-1398 [HIGH] CWE-310: The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the master role.
nvd
CVE-2013-2274 | P3 | MEDIUM | CVSS 6.5 | v1.2.0 | 2013-03-20
CVE-2013-2274 [MEDIUM]: Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
nvd
CVE-2023-5255 | P3 | HIGH | CVSS 7.5 | v2023.3; ≥ Puppet Enterprise 2023.3, ≤ 2023.4; +1 more | 2023-10-03
CVE-2023-5255 [HIGH] CWE-404: For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.
nvd
CVE-2017-2294 | P3 | HIGH | CVSS 7.5 | ≤ 2016.4.3; v2016.5.1; +4 more | 2017-07-05
CVE-2017-2294 [HIGH] CWE-200: Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore.
nvd
CVE-2015-4100 | P4 | MEDIUM | CVSS 6.8 | ≥ 3.7.0, ≤ 3.7.2; v3.8.0 | 2017-12-21
CVE-2015-4100 [MEDIUM] CWE-295: Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
nvd
CVE-2012-1988 | P4 | MEDIUM | CVSS 6.0 | ≥ 1.2.0, < 2.5.1; v1.0; +1 more | 2012-05-29
CVE-2012-1988 [MEDIUM] CWE-78: Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a
nvd
CVE-2015-1855 | P4 | MEDIUM | CVSS 5.9 | ≥ 3.0.0, < 3.8.0 | 2019-11-29
CVE-2015-1855 [MEDIUM] CWE-20: verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (2) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
nvd
CVE-2015-5686 | P4 | HIGH | CVSS 8.8 | ≥ 3.0.0, < 2015.2.0 | 2020-02-27
CVE-2015-5686 [HIGH] CWE-352: Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session.
nvd
CVE-2013-4957 | P4 | MEDIUM | CVSS 6.8 | ≤ 3.0.0; v2.5.1; +5 more | 2013-10-25
CVE-2013-4957 [MEDIUM] CWE-94: The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.
nvd
CVE-2017-10690 | P4 | MEDIUM | CVSS 6.5 | fixed in 2017.3.4; v2017.3.x prior to 2017.3.4 | 2018-02-09
CVE-2017-10690 [MEDIUM] CWE-269: In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4.
nvd
CVE-2013-4966 | P4 | MEDIUM | CVSS 6.4 | ≤ 3.1.1; v3.0.0; +2 more | 2014-03-09
CVE-2013-4966 [MEDIUM] CWE-287: The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.
nvd
CVE-2013-4761 | P4 | MEDIUM | CVSS 5.1 | v2.8.0; v2.8.1; +2 more | 2013-08-20
CVE-2013-4761 [MEDIUM]: Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet
nvd
CVE-2013-4967 | P4 | MEDIUM | CVSS 5.0 | ≤ 3.0.0; v2.5.1; +5 more | 2013-08-20
CVE-2013-4967 [MEDIUM] CWE-255: Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.
nvd
CVE-2021-27025 | P4 | MEDIUM | CVSS 6.5 | fixed in 2019.8.9 | 2021-11-18
CVE-2021-27025 [MEDIUM]: A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
nvd
CVE-2015-8470 | P4 | MEDIUM | CVSS 6.5 | ≥ 3.7.0, ≤ 3.7.2; ≥ 3.8.0, ≤ 3.8.6; +1 more | 2017-12-11
CVE-2015-8470 [MEDIUM] CWE-200: The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
nvd
CVE-2013-4965 | P4 | MEDIUM | CVSS 5.0 | ≤ 3.0.1; v3.0.0 | 2013-10-25
CVE-2013-4965 [MEDIUM] CWE-287: Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack.
nvd
CVE-2017-2296 | P4 | MEDIUM | CVSS 6.5 | v2017.1.0; v2017.1.1; +2 more | 2018-02-01
CVE-2017-2296 [MEDIUM] CWE-20: In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2.
nvd