Vulnerabilities > Puppet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-18 | CVE-2021-27025 | A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. | 6.5 |
| 2021-11-18 | CVE-2021-27026 | Information Exposure Through Log Files vulnerability in Puppet Puppet, Puppet Connect and Puppet Enterprise A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged | 4.4 |
| 2021-09-07 | CVE-2021-27022 | Information Exposure Through Log Files vulnerability in Puppet and Puppet Enterprise A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. | 4.9 |
| 2021-08-30 | CVE-2021-27018 | Improper Certificate Validation vulnerability in Puppet Remediate The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. | 7.5 |
| 2021-08-30 | CVE-2021-27019 | Information Exposure Through Log Files vulnerability in Puppet Enterprise and Puppetdb PuppetDB logging included potentially sensitive system information. | 4.3 |
| 2021-08-30 | CVE-2021-27020 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Puppet Enterprise Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. | 8.8 |
| 2021-07-20 | CVE-2021-27021 | SQL Injection vulnerability in Puppet and Puppetdb A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. | 8.8 |
| 2020-09-18 | CVE-2020-7945 | Insufficiently Protected Credentials vulnerability in Puppet Continuous Delivery 4.0.0 Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. | 5.5 |
| 2020-03-26 | CVE-2020-7944 | Information Exposure vulnerability in Puppet Continuous Delivery In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report. | 7.7 |
| 2020-03-11 | CVE-2020-7943 | Unspecified vulnerability in Puppet Server Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. | 7.5 |