Vulnerabilities > Puppet

DATE CVE VULNERABILITY TITLE RISK
2021-11-18 CVE-2021-27026 Information Exposure Through Log Files vulnerability in Puppet
A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged
local
low complexity
puppet CWE-532
2.1
2021-11-18 CVE-2021-27025 Unspecified vulnerability in Puppet
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
network
low complexity
puppet
4.0
2021-11-18 CVE-2021-27024 Incorrect Permission Assignment for Critical Resource vulnerability in Puppet Continuous Delivery 4.0.0/4.0.1
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token.
network
low complexity
puppet CWE-732
5.5
2021-11-18 CVE-2021-27023 Unspecified vulnerability in Puppet
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host.
network
low complexity
puppet
5.0
2021-09-07 CVE-2021-27022 Information Exposure Through Log Files vulnerability in Puppet
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be.
network
low complexity
puppet CWE-532
4.0
2021-08-30 CVE-2021-27020 Improper Neutralization of Formula Elements in a CSV File vulnerability in Puppet Enterprise
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.
network
puppet CWE-1236
6.8
2021-08-30 CVE-2021-27019 Information Exposure Through Log Files vulnerability in Puppet Enterprise
PuppetDB logging included potentially sensitive system information.
network
low complexity
puppet CWE-532
4.0
2021-08-30 CVE-2021-27018 Improper Certificate Validation vulnerability in Puppet Remediate
The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated.
network
puppet CWE-295
4.3
2021-07-20 CVE-2021-27021 SQL Injection vulnerability in Puppet
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
network
low complexity
puppet CWE-89
6.5
2020-09-18 CVE-2020-7945 Insufficiently Protected Credentials vulnerability in Puppet Continuous Delivery 4.0.0
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them.
local
low complexity
puppet CWE-522
2.1