Vulnerabilities > Puppet

DATE CVE VULNERABILITY TITLE RISK
2022-03-02 CVE-2022-0675 Improper Input Validation vulnerability in Puppet Firewall
In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest.
network
puppet CWE-20
6.8
2021-11-18 CVE-2021-27023 A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host.
network
low complexity
puppet fedoraproject
5.0
2021-11-18 CVE-2021-27024 Unspecified vulnerability in Puppet Continuous Delivery 4.0.0/4.0.1
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token.
network
low complexity
puppet
5.5
2021-11-18 CVE-2021-27025 A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
network
low complexity
puppet fedoraproject
4.0
2021-11-18 CVE-2021-27026 Information Exposure Through Log Files vulnerability in Puppet Enterprise
A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged
local
low complexity
puppet CWE-532
2.1
2021-09-07 CVE-2021-27022 Information Exposure Through Log Files vulnerability in Puppet Enterprise
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be.
network
low complexity
puppet CWE-532
4.0
2021-08-30 CVE-2021-27018 Improper Certificate Validation vulnerability in Puppet Remediate
The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated.
network
puppet CWE-295
4.3
2021-08-30 CVE-2021-27019 Information Exposure Through Log Files vulnerability in Puppet Enterprise
PuppetDB logging included potentially sensitive system information.
network
low complexity
puppet CWE-532
4.0
2021-08-30 CVE-2021-27020 Improper Neutralization of Formula Elements in a CSV File vulnerability in Puppet Enterprise
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.
network
puppet CWE-1236
6.8
2021-07-20 CVE-2021-27021 SQL Injection vulnerability in Puppet
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
network
low complexity
puppet CWE-89
6.5