Vulnerabilities > Puppet
|2022-03-02||CVE-2022-0675||Improper Input Validation vulnerability in Puppet Firewall: In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest.|| 6.8 |
|2021-11-18||CVE-2021-27023||A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host.|| 5.0 |
|2021-11-18||CVE-2021-27024||Unspecified vulnerability in Puppet Continuous Delivery 4.0.0/4.0.1: A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token.|| 5.5 |
|2021-11-18||CVE-2021-27025||A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.|| 4.0 |
|2021-11-18||CVE-2021-27026||Information Exposure Through Log Files vulnerability in Puppet Enterprise: A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged.|| 2.1 |
|2021-09-07||CVE-2021-27022||Information Exposure Through Log Files vulnerability in Puppet Enterprise: A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be.|| 4.0 |
|2021-08-30||CVE-2021-27018||Improper Certificate Validation vulnerability in Puppet Remediate: The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority not being properly validated.|| 4.3 |
|2021-08-30||CVE-2021-27019||Information Exposure Through Log Files vulnerability in Puppet Enterprise: PuppetDB logging included potentially sensitive system information.|| 4.0 |
|2021-08-30||CVE-2021-27020||Improper Neutralization of Formula Elements in a CSV File vulnerability in Puppet Enterprise: Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.|| 6.8 |
|2021-07-20||CVE-2021-27021||SQL Injection vulnerability in Puppet: A flaw was discovered in Puppet DB; this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.|| 6.5 |