Vulnerabilities > Puppet > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-07 | CVE-2023-5309 | Session Fixation vulnerability in Puppet Enterprise. Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. | 9.8 |
2023-10-06 | CVE-2023-5214 | Improper Privilege Management vulnerability in Puppet Bolt. In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. | 9.8 |
2023-06-07 | CVE-2023-2530 | Unspecified vulnerability in Puppet Enterprise 2021.7.1/2023.0/2023.1.0. A privilege escalation allowing remote code execution was discovered in the orchestration service. | 9.8 |
2022-10-07 | CVE-2022-3275 | Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. | 9.8 |
2022-03-02 | CVE-2022-0675 | Improper Input Validation vulnerability in Puppet Firewall. In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. | 9.8 |
2021-11-18 | CVE-2021-27023 | A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. | 9.8 |
2019-12-13 | CVE-2014-0175 | Use of Hard-coded Credentials vulnerability in multiple products. mcollective has a default password set at install. | 9.8 |
2019-12-12 | CVE-2019-10694 | Use of Hard-coded Credentials vulnerability in Puppet Enterprise. The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. | 9.8 |
2019-03-21 | CVE-2018-11747 | Improper Certificate Validation vulnerability in Puppet Discovery. Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. | 9.8 |
2018-08-24 | CVE-2018-11749 | Cleartext Transmission of Sensitive Information vulnerability in Puppet Enterprise. When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. | 9.8 |