Puppet Puppetdb vulnerabilities
3 known vulnerabilities affecting puppet/puppetdb.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-27019MEDIUMCVSS 4.3≥ 6.0.0, < 6.16.1≥ 7.0.0, < 7.3.12021-08-30
CVE-2021-27019 [MEDIUM] CWE-532 CVE-2021-27019: PuppetDB logging included potentially sensitive system information.
PuppetDB logging included potentially sensitive system information.
nvdosv
CVE-2021-27021HIGHCVSS 8.8fixed in 6.17.0≥ 7.0.0, < 7.4.12021-07-20
CVE-2021-27021 [HIGH] CWE-1027 CVE-2021-27021: A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows th
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
nvdosv
CVE-2020-7943HIGHCVSS 7.5PoCfixed in 5.2.15≥ 6.0.0, < 6.10.1+2 more2020-03-11
CVE-2020-7943 [HIGH] CWE-276 CVE-2020-7943: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics AP
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open
cvelistv5nvdosv