Vulnerabilities > Puppet > Puppet Server > 6.0.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-18 | CVE-2021-27023 | A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. | 9.8 |
| 2020-03-11 | CVE-2020-7943 | Unspecified vulnerability in Puppet Enterprise and Puppet Server Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. | 5.0 |
| 2019-12-16 | CVE-2018-11751 | Improper Certificate Validation vulnerability in Puppet Server Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. | 4.8 |