Vulnerabilities > Puppet > Puppet Enterprise > 2023.1.0

DATE CVE VULNERABILITY TITLE RISK
2023-11-07 CVE-2023-5309 Session Fixation vulnerability in Puppet Enterprise
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.
network
low complexity
puppet CWE-384
critical
 9.8
9.8
2023-06-07 CVE-2023-2530 Unspecified vulnerability in Puppet Enterprise 2021.7.1/2023.0/2023.1.0
A privilege escalation allowing remote code execution was discovered in the orchestration service.
network
low complexity
puppet
critical
 9.8
9.8