Known Vulnerabilities for products from Puppetlabs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Puppetlabs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-6511 json | A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into t... | 5.4 - MEDIUM | 2018-05-08 | 2022-04-12 |
| CVE-2018-6510 json | A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into t... | 5.4 - MEDIUM | 2018-05-08 | 2022-04-12 |
| CVE-2016-2787 json | The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for ... | Not Provided | 2017-02-13 | 2025-04-20 |
| CVE-2015-7331 json | The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors in... | Not Provided | 2017-01-30 | 2025-04-20 |
| CVE-2015-1426 json | Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a ... | Not Provided | 2015-02-23 | 2026-05-06 |
| CVE-2014-3251 json | The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properl... | Not Provided | 2014-08-12 | 2026-05-06 |
| CVE-2014-3248 json | Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter ... | Not Provided | 2014-11-16 | 2026-05-06 |
| CVE-2013-4969 json | Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to o... | Not Provided | 2014-01-07 | 2026-04-29 |
| CVE-2013-4956 json | Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.... | Not Provided | 2013-08-20 | 2026-04-29 |
| CVE-2013-4761 json | Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and ... | Not Provided | 2013-08-20 | 2026-04-29 |
| CVE-2013-3567 json | Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which all... | Not Provided | 2013-08-19 | 2026-04-29 |
| CVE-2013-2716 json | Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_confi... | Not Provided | 2013-04-10 | 2026-04-29 |
| CVE-2013-2275 json | The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before ... | Not Provided | 2013-03-20 | 2026-04-29 |
| CVE-2013-2274 json | Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary co... | Not Provided | 2013-03-20 | 2026-04-29 |
| CVE-2013-1655 json | Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbit... | Not Provided | 2013-03-20 | 2026-04-29 |
| CVE-2013-1654 json | Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the ... | Not Provided | 2013-03-20 | 2026-04-29 |
| CVE-2013-1653 json | Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2,... | Not Provided | 2013-03-20 | 2026-04-29 |
| CVE-2013-1652 json | Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 ... | Not Provided | 2013-03-20 | 2026-04-29 |
| CVE-2013-1399 json | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) u... | Not Provided | 2014-03-14 | 2026-05-06 |
| CVE-2013-1398 json | The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SS... | Not Provided | 2014-03-14 | 2026-05-06 |
Known software with vulnerabilities from Puppetlabs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Puppetlabs | Facter | 1.6.0 |
| Application | Puppetlabs | Hiera | 1.3.3 |
| Application | Puppetlabs | Marionette-collective | 2.5.1 |
| Application | Puppetlabs | Puppet | 0.25.0 |
| Application | Puppetlabs | Puppetlabs-rabbitmq | 3.0.0 |
| Application | Puppetlabs | Puppet Dashboard | 1.0.0 |
| Application | Puppetlabs | Puppet Enterprise | 2015.2.0 |
| Application | Puppetlabs | Puppet Enterprise Users | 1.2 |
| Application | Puppetlabs | Puppet Server | 0.2.0 |
| Application | Puppetlabs | Stdlib | 2.1.0 |