Latest Vulnerabilities Affecting Puppetlabs products

Date	CVE	Title	CVSS
2018-05-08	CVE-2018-6510	Cross-Site Scripting (XSS) vulnerability in Puppetlabs Puppet 2017.3	Low
2018-05-08	CVE-2018-6511	Cross-Site Scripting (XSS) vulnerability in Puppetlabs Puppet 2017.3	Low
2017-10-18	CVE-2016-5714	Improper Access Control vulnerability in Puppet and Puppetlabs products	Medium
2017-06-30	CVE-2017-2298	Input Validation vulnerability in Puppetlabs Mcollective Sshkey Security 0.5.0	Medium
2017-03-03	CVE-2017-2290	Permissions, Privileges, and Access Control vulnerability in Puppetlabs Mcollective Puppet Agent 1.12.0	High
2017-02-13	CVE-2016-2787	Improper Access Control vulnerability in Puppet and Puppetlabs products	Medium
2017-01-30	CVE-2015-7331	Security Features vulnerability in Puppetlabs Mcollective Puppet Agent 1.11.0	Medium
2016-06-10	CVE-2016-2785	Improper Access Control vulnerability in Puppetlabs Puppet, puppet agent and puppet server	High
2016-06-10	CVE-2016-2786	Input Validation vulnerability in Puppet and Puppetlabs products	High
2015-02-23	CVE-2015-1426	Information Leak / Disclosure vulnerability in Puppet and Puppetlabs products	Low
2014-11-16	CVE-2014-3248	Code vulnerability in Puppet and Puppetlabs products	Medium
2014-08-12	CVE-2014-3251	Race Conditions vulnerability in Puppet and Puppetlabs products	Medium
2014-03-14	CVE-2012-5158	Authentication Issues vulnerability in Puppet and Puppetlabs products	Medium
2014-03-14	CVE-2013-1399	Cross-Site Request Forgery (CSRF) vulnerability in Puppet and Puppetlabs products	Medium
2014-03-14	CVE-2013-1398	Cryptographic Issues vulnerability in Puppet and Puppetlabs products	High

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.