Known Vulnerabilities for products from Puppetlabs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Puppetlabs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-6511 json | A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into t... | 5.4 - MEDIUM | 2018-05-08 | 2022-04-12 |
| CVE-2018-6510 json | A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into t... | 5.4 - MEDIUM | 2018-05-08 | 2022-04-12 |
| CVE-2017-2298 json | The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a f... | 6.5 - MEDIUM | 2017-06-30 | 2021-09-09 |
| CVE-2017-2290 json | On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an execu... | 8.8 - HIGH | 2017-03-03 | 2021-09-09 |
| CVE-2016-5714 json | Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass ... | 7.2 - HIGH | 2017-10-18 | 2022-01-24 |
| CVE-2016-2787 json | The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for ... | 5.3 - MEDIUM | 2017-02-13 | 2019-07-10 |
| CVE-2016-2786 json | The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly v... | 9.8 - CRITICAL | 2016-06-10 | 2022-01-24 |
| CVE-2016-2785 json | Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remo... | 9.8 - CRITICAL | 2016-06-10 | 2021-09-09 |
| CVE-2015-7331 json | The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors in... | 6.6 - MEDIUM | 2017-01-30 | 2017-02-24 |
| CVE-2015-1426 json | Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a ... | 2.1 - LOW | 2015-02-23 | 2019-07-11 |
| CVE-2014-3251 json | The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properl... | 4.4 - MEDIUM | 2014-08-12 | 2019-07-10 |
| CVE-2014-3248 json | Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter ... | 6.2 - MEDIUM | 2014-11-16 | 2019-07-16 |
| CVE-2013-4969 json | Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to o... | 2.1 - LOW | 2014-01-07 | 2022-01-24 |
| CVE-2013-4956 json | Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.... | 3.6 - LOW | 2013-08-20 | 2019-07-10 |
| CVE-2013-4761 json | Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and ... | 5.1 - MEDIUM | 2013-08-20 | 2019-07-10 |
| CVE-2013-3567 json | Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which all... | 7.5 - HIGH | 2013-08-19 | 2019-07-10 |
| CVE-2013-2716 json | Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_confi... | 5 - MEDIUM | 2013-04-10 | 2019-07-10 |
| CVE-2013-2275 json | The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before ... | 4 - MEDIUM | 2013-03-20 | 2019-07-10 |
| CVE-2013-2274 json | Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary co... | 6.5 - MEDIUM | 2013-03-20 | 2019-07-10 |
| CVE-2013-1655 json | Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbit... | 7.5 - HIGH | 2013-03-20 | 2019-07-10 |
Known software with vulnerabilities from Puppetlabs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Puppetlabs | Facter | 1.6.0 |
| Application | Puppetlabs | Hiera | 1.3.3 |
| Application | Puppetlabs | Marionette-collective | 2.5.1 |
| Application | Puppetlabs | Puppet | 0.25.0 |
| Application | Puppetlabs | Puppetlabs-rabbitmq | 3.0.0 |
| Application | Puppetlabs | Puppet Dashboard | 1.0.0 |
| Application | Puppetlabs | Puppet Enterprise | 2015.2.0 |
| Application | Puppetlabs | Puppet Enterprise Users | 1.2 |
| Application | Puppetlabs | Puppet Server | 0.2.0 |
| Application | Puppetlabs | Stdlib | 2.1.0 |