Known Vulnerabilities for products from Puppetlabs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Puppetlabs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-6511 | A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into t... | 5.4 - MEDIUM | 2018-05-08 | 2022-04-12 |
| CVE-2018-6510 | A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into t... | 5.4 - MEDIUM | 2018-05-08 | 2022-04-12 |
| CVE-2017-2298 | The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a f... | 6.5 - MEDIUM | 2017-06-30 | 2021-09-09 |
| CVE-2017-2290 | On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an execu... | 8.8 - HIGH | 2017-03-03 | 2021-09-09 |
| CVE-2016-5714 | Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass ... | 7.2 - HIGH | 2017-10-18 | 2022-01-24 |
| CVE-2016-2787 | The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for ... | 5.3 - MEDIUM | 2017-02-13 | 2019-07-10 |
| CVE-2016-2786 | The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly v... | 9.8 - CRITICAL | 2016-06-10 | 2022-01-24 |
| CVE-2016-2785 | Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remo... | 9.8 - CRITICAL | 2016-06-10 | 2021-09-09 |
| CVE-2015-7331 | The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors in... | 6.6 - MEDIUM | 2017-01-30 | 2017-02-24 |
| CVE-2015-1426 | Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a ... | 2.1 - LOW | 2015-02-23 | 2019-07-11 |
| CVE-2014-3251 | The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properl... | 4.4 - MEDIUM | 2014-08-12 | 2019-07-10 |
| CVE-2014-3248 | Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter ... | 6.2 - MEDIUM | 2014-11-16 | 2019-07-16 |
| CVE-2013-4969 | Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to o... | 2.1 - LOW | 2014-01-07 | 2022-01-24 |
| CVE-2013-4956 | Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.... | 3.6 - LOW | 2013-08-20 | 2019-07-10 |
| CVE-2013-4761 | Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and ... | 5.1 - MEDIUM | 2013-08-20 | 2019-07-10 |
| CVE-2013-3567 | Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which all... | 7.5 - HIGH | 2013-08-19 | 2019-07-10 |
| CVE-2013-2716 | Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_confi... | 5 - MEDIUM | 2013-04-10 | 2019-07-10 |
| CVE-2013-2275 | The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before ... | 4 - MEDIUM | 2013-03-20 | 2019-07-10 |
| CVE-2013-2274 | Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary co... | 6.5 - MEDIUM | 2013-03-20 | 2019-07-10 |
| CVE-2013-1655 | Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbit... | 7.5 - HIGH | 2013-03-20 | 2019-07-10 |
Known software with vulnerabilities from Puppetlabs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Puppetlabs | Facter | 1.6.0 |
| Application | Puppetlabs | Hiera | 1.3.3 |
| Application | Puppetlabs | Marionette-collective | 2.5.1 |
| Application | Puppetlabs | Puppet | 0.25.0 |
| Application | Puppetlabs | Puppet Dashboard | 1.0.0 |
| Application | Puppetlabs | Puppet Enterprise | 3.0.0 |
| Application | Puppetlabs | Puppet Enterprise Users | 1.2 |
| Application | Puppetlabs | Puppet Server | 0.2.0 |
| Application | Puppetlabs | Puppetlabs-rabbitmq | 3.0.0 |
| Application | Puppetlabs | Stdlib | 2.1.0 |