75 matches found
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the getFact function due to improper input sanitization. PoC js var root = require"puppet-facter" root.getFact"& touch JHU",function, Remediation There is no fixed version for puppet-facter. References - Vulnerable...
Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...
GHSA-J436-H7HM-RX46 Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...
puppetlabs-rabbitmq allows local users to obtain sensitive information
puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter...
GHSA-H3GH-978R-747W puppetlabs-rabbitmq allows local users to obtain sensitive information
puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter...
CVE-2020-26205
Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machinelist view...
Spoofing
Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machinelist view...
CVE-2020-26205 XSS in Sal
Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machinelist view...
CVE-2020-26205
CVE-2020-26205 affects Sal, a multi-tenant reporting dashboard for Munki that displays data from Facter. The connected sources describe an XSS vulnerability in the machine_list view present up to Sal version 4.1.6. The vulnerability is surfaced via input that can be reflected into the page, enabl...
Puppet Agent DLL Preload Vulnerability
Puppet is the United States Puppet Labs a set of client / server C / S architecture based on the configuration management tools . Puppet Agent for Windows is one of the Windows platform based on the agent program . A security vulnerability exists in Facter in Puppet Agent for Windows versions...
Privilege escalation
In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation...
CVE-2018-6514
In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation...
CVE-2018-6514
In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation...
CVE-2018-6514
In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation...
CVE-2018-6514
In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation...
CVE-2018-6514
CVE-2018-6514 : Affected software is Puppet Agent on Windows with DLL preloading in Facter. Versions affected: Puppet Agent 1.10.x before 1.10.13; 5.3.x before 5.3.7; 5.5.x before 5.5.2. Root cause is a DLL preloading vulnerability that could lead to privilege escalation. Impact is described as h...
CVE-2018-6514
In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation...
CVE-2018-6508
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the factertask or puppetconf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this...
CVE-2018-6508
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the factertask or puppetconf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this...
DEBIAN-CVE-2018-6508
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the factertask or puppetconf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this...