Vulnerabilities > Puppet > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-10-03 | CVE-2023-5255 | Improper Resource Shutdown or Release vulnerability in Puppet and Puppet Server | For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. | 7.5 |
2022-10-07 | CVE-2022-3276 | Unspecified vulnerability in Puppet Puppetlabs-Mysql | Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. | 8.8 |
2021-11-18 | CVE-2021-27024 | Unspecified vulnerability in Puppet Continuous Delivery 4.0.0/4.0.1 | A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. | 8.1 |
2021-08-30 | CVE-2021-27018 | Improper Certificate Validation vulnerability in Puppet Remediate | The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority not being properly validated. | 7.5 |
2021-08-30 | CVE-2021-27020 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Puppet Enterprise | Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. | 8.8 |
2021-07-20 | CVE-2021-27021 | SQL Injection vulnerability in Puppet and Puppetdb | A flaw was discovered in PuppetDB that results in an escalation of privileges which allows the user to delete tables via an SQL query. | 8.8 |
2020-03-26 | CVE-2020-7944 | Information Exposure vulnerability in Puppet Continuous Delivery | In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report. | 7.7 |
2020-03-11 | CVE-2020-7943 | Unspecified vulnerability in Puppet Server | Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. | 7.5 |
2020-02-27 | CVE-2015-5686 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Puppet Enterprise | Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. | 8.8 |
2019-03-21 | CVE-2018-6517 | Improper Certificate Validation vulnerability in Puppet Chloride | Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. | 7.5 |