Puppet Enterprise vulnerabilities

CVE-2016-2786 [CRITICAL] CWE-20 CVE-2016-2786: The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate.

CVE-2015-7330 [HIGH] CWE-254 CVE-2015-7330: Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protecti Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol.

CVE-2015-7328 [MEDIUM] CWE-200 CVE-2015-7328: Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.

CVE-2014-9355 [MEDIUM] CWE-200 CVE-2014-9355: Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.

CVE-2014-3248 [MEDIUM] CWE-17 CVE-2014-3248: Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated

CVE-2014-3251 [MEDIUM] CWE-362 CVE-2014-3251: The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective befor The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.

CVE-2014-3249 [MEDIUM] CWE-200 CVE-2014-3249: Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vec Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes.

CVE-2013-1398 [HIGH] CWE-310 CVE-2013-1398: The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access t The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the master role.

CVE-2013-1399 [MEDIUM] CWE-352 CVE-2013-1399: Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) l Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2012-0891 [MEDIUM] CWE-79 CVE-2012-0891: Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterpr Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.

CVE-2013-4963 [MEDIUM] CWE-352 CVE-2013-4963: Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 al Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact.

CVE-2012-5158 [MEDIUM] CWE-287 CVE-2012-5158: Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret ha Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.

CVE-2013-4971 [MEDIUM] CWE-264 CVE-2013-4971: Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, w Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors.

CVE-2013-4966 [MEDIUM] CWE-287 CVE-2013-4966: The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.

CVE-2013-4969 [LOW] CWE-59 CVE-2013-4969: Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1. Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

CVE-2013-4965 [MEDIUM] CWE-287 CVE-2013-4965: Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack.

CVE-2013-4957 [MEDIUM] CWE-94 CVE-2013-4957: The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML co The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.

CVE-2013-4761 [MEDIUM] CVE-2013-4761: Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterpris Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet

CVE-2013-4967 [MEDIUM] CWE-255 CVE-2013-4967: Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors r Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.

CVE-2013-4961 [MEDIUM] CWE-200 CVE-2013-4961: Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger pro Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.