Vulnerabilities > Puppet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-04 | CVE-2023-1894 | Unspecified vulnerability in Puppet Enterprise and Puppet Server A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. | 5.3 |
| 2022-10-07 | CVE-2022-3275 | Command Injection vulnerability in multiple products Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. | 9.8 |
| 2022-10-07 | CVE-2022-3276 | Command Injection vulnerability in Puppet Puppetlabs-Mysql Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. | 8.8 |
| 2022-03-02 | CVE-2022-0675 | Improper Input Validation vulnerability in Puppet Firewall In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. | 6.8 |
| 2021-11-18 | CVE-2021-27023 | A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. | 5.0 |
| 2021-11-18 | CVE-2021-27024 | Unspecified vulnerability in Puppet Continuous Delivery 4.0.0/4.0.1 A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. | 5.5 |
| 2021-11-18 | CVE-2021-27025 | A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. | 4.0 |
| 2021-11-18 | CVE-2021-27026 | Information Exposure Through Log Files vulnerability in Puppet Enterprise A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged | 2.1 |
| 2021-09-07 | CVE-2021-27022 | Information Exposure Through Log Files vulnerability in Puppet Enterprise A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. | 4.0 |
| 2021-08-30 | CVE-2021-27018 | Improper Certificate Validation vulnerability in Puppet Remediate The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. | 4.3 |