Vulnerabilities > Puppet > Puppet Enterprise > 2019.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-07 | CVE-2023-5309 | Session Fixation vulnerability in Puppet Enterprise. Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. [network, low complexity, puppet, CWE-384] | critical 9.8 |
| 2021-11-18 | CVE-2021-27023 | A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. [network, low complexity, puppet, fedoraproject] | critical 9.8 |
| 2021-11-18 | CVE-2021-27025 | A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. [network, low complexity, puppet, fedoraproject] | 6.5 |
| 2021-11-18 | CVE-2021-27026 | Information Exposure Through Log Files vulnerability in Puppet Puppet, Puppet Connect and Puppet Enterprise. A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged. [local, low complexity, puppet, CWE-532] | 4.4 |
| 2021-09-07 | CVE-2021-27022 | Information Exposure Through Log Files vulnerability in Puppet and Puppet Enterprise. A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. [network, low complexity, puppet, CWE-532] | 4.9 |
| 2021-08-30 | CVE-2021-27019 | Information Exposure Through Log Files vulnerability in Puppet Enterprise and Puppetdb. PuppetDB logging included potentially sensitive system information. [network, low complexity, puppet, CWE-532] | 4.3 |
| 2021-08-30 | CVE-2021-27020 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Puppet Enterprise. Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. [network, low complexity, puppet, CWE-1236] | 8.8 |
| 2021-07-20 | CVE-2021-27021 | SQL Injection vulnerability in Puppet and Puppetdb. A flaw was discovered in Puppet DB; this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. [network, low complexity, puppet, CWE-89] | 8.8 |