Vulnerabilities > Puppet > Puppet Enterprise > 2017.2.5

DATE CVE VULNERABILITY TITLE RISK
2023-11-07 CVE-2023-5309 Session Fixation vulnerability in Puppet Enterprise
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.
network
low complexity
puppet CWE-384
critical
9.8
2021-11-18 CVE-2021-27023 A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host.
network
low complexity
puppet fedoraproject
critical
9.8
2021-11-18 CVE-2021-27025 A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
network
low complexity
puppet fedoraproject
6.5
2021-11-18 CVE-2021-27026 Information Exposure Through Log Files vulnerability in Puppet Enterprise
A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged.
local
low complexity
puppet CWE-532
2.1
2021-09-07 CVE-2021-27022 Information Exposure Through Log Files vulnerability in Puppet and Puppet Enterprise
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be.
network
low complexity
puppet CWE-532
4.9
2021-08-30 CVE-2021-27019 Information Exposure Through Log Files vulnerability in Puppet Enterprise
PuppetDB logging included potentially sensitive system information.
network
low complexity
puppet CWE-532
4.0
2021-08-30 CVE-2021-27020 Improper Neutralization of Formula Elements in a CSV File vulnerability in Puppet Enterprise
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.
network
puppet CWE-1236
6.8
2021-07-20 CVE-2021-27021 SQL Injection vulnerability in Puppet
A flaw was discovered in Puppet DB; this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
network
low complexity
puppet CWE-89
6.5
2018-05-08 CVE-2018-6511 Cross-site Scripting vulnerability in Puppet Enterprise
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console.
network
puppet CWE-79
3.5
2018-05-08 CVE-2018-6510 Cross-site Scripting vulnerability in Puppet Enterprise
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator.
network
puppet CWE-79
3.5