Known Vulnerabilities for Puppet Enterprise by Puppet
Listed below are 10 of the newest known vulnerabilities associated with "Puppet Enterprise" by "Puppet".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-27026 | A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged | 4.4 - MEDIUM | 2021-11-18 | 2022-01-24 |
| CVE-2021-27025 | A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of... | 6.5 - MEDIUM | 2021-11-18 | 2023-11-07 |
| CVE-2021-27023 | A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP red... | 9.8 - CRITICAL | 2021-11-18 | 2023-11-07 |
| CVE-2021-27022 | A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parame... | 4.9 - MEDIUM | 2021-09-07 | 2023-11-07 |
| CVE-2021-27021 | A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables v... | 8.8 - HIGH | 2021-07-20 | 2022-01-24 |
| CVE-2021-27020 | Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. | 8.8 - HIGH | 2021-08-30 | 2021-09-07 |
| CVE-2021-27019 | PuppetDB logging included potentially sensitive system information. | 4.3 - MEDIUM | 2021-08-30 | 2021-09-07 |
| CVE-2020-7943 | Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB... | 7.5 - HIGH | 2020-03-11 | 2022-01-24 |
| CVE-2019-10694 | The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install ... | 9.8 - CRITICAL | 2019-12-12 | 2022-01-24 |
| CVE-2018-6508 | Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was pas... | 8 - HIGH | 2018-02-09 | 2022-01-24 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Puppet | Puppet Enterprise | 3.8.6 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.8.5 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.8.4 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.8.3 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.8.2 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.8.1 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.8.0 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.7.2 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.7.1 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.7.0 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.3.2 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.3.1 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.3.0 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.2.3 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.2.2 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.2.1 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.2.0 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.1.3 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.1.2 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.1.1 | All | All | All |