Vulnerabilities > Puppet
|2021-11-18||CVE-2021-27026|| Information Exposure Through Log Files vulnerability in Puppet |
A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged.
| 2.1 |
|2021-11-18||CVE-2021-27025|| Unspecified vulnerability in Puppet |
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
| 4.0 |
|2021-11-18||CVE-2021-27024|| Incorrect Permission Assignment for Critical Resource vulnerability in Puppet Continuous Delivery 4.0.0/4.0.1 |
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token.
| 5.5 |
|2021-11-18||CVE-2021-27023|| Unspecified vulnerability in Puppet |
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host.
| 5.0 |
|2021-09-07||CVE-2021-27022|| Information Exposure Through Log Files vulnerability in Puppet |
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be.
| 4.0 |
|2021-08-30||CVE-2021-27020|| Improper Neutralization of Formula Elements in a CSV File vulnerability in Puppet Enterprise |
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.
| 6.8 |
|2021-08-30||CVE-2021-27019|| Information Exposure Through Log Files vulnerability in Puppet Enterprise |
PuppetDB logging included potentially sensitive system information.
| 4.0 |
|2021-08-30||CVE-2021-27018|| Improper Certificate Validation vulnerability in Puppet Remediate |
The mechanism that performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority not being properly validated.
| 4.3 |
|2021-07-20||CVE-2021-27021|| SQL Injection vulnerability in Puppet |
A flaw was discovered in Puppet DB that results in an escalation of privileges, which allows the user to delete tables via an SQL query.
| 6.5 |
|2020-09-18||CVE-2020-7945|| Insufficiently Protected Credentials vulnerability in Puppet Continuous Delivery 4.0.0 |
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them.
| 2.1 |