
75 matches found

Snyk
added 2022/12/19 11:55 a.m. | 4 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the getFact function due to improper input sanitization. PoC (js): var root = require"puppet-facter" root.getFact"& touch JHU",function, Remediation: There is no fixed version for puppet-facter. References - Vulnerable...

7.8 CVSS | 7.4 AI score | 0.01219 EPSS
Exploits: 1 | References: 2

Github Security Blog
added 2022/05/14 12:56 a.m. | 13 views

Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtain sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...

2.1 CVSS | 6.5 AI score | 0.00353 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2022/05/14 12:56 a.m. | 19 views

GHSA-J436-H7HM-RX46 Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtain sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...

2.1 CVSS | 5.8 AI score | 0.00353 EPSS
Exploits: 0 | References: 5

Github Security Blog
added 2022/05/14 12:56 a.m. | 22 views

puppetlabs-rabbitmq allows local users to obtain sensitive information

puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter...

2.1 CVSS | 3 AI score | 0.00352 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/05/14 12:56 a.m. | 15 views

GHSA-H3GH-978R-747W puppetlabs-rabbitmq allows local users to obtain sensitive information

puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter...

2.1 CVSS | 5.6 AI score | 0.00352 EPSS
Exploits: 0 | References: 3

OSV
added 2020/10/29 8:15 p.m. | 18 views

CVE-2020-26205

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machinelist view...

5.4 CVSS | 5.8 AI score
Exploits: 0 | References: 2

Prion
added 2020/10/29 8:15 p.m. | 16 views

Spoofing

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machinelist view...

3.5 CVSS | 5.2 AI score | 0.00665 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/10/29 8:0 p.m. | 35 views

CVE-2020-26205 XSS in Sal

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machinelist view...

7.6 CVSS | 7.2 AI score | 0.00665 EPSS
Exploits: 0 | References: 2

CVE
added 2020/10/29 8:0 p.m. | 53 views

CVE-2020-26205

CVE-2020-26205 affects Sal, a multi-tenant reporting dashboard for Munki that displays data from Facter. The connected sources describe an XSS vulnerability in the machine_list view present up to Sal version 4.1.6. The vulnerability is surfaced via input that can be reflected into the page, enabl...

7.6 CVSS | 5.5 AI score | 0.00665 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2018/06/12 12:0 a.m. | 3 views

Puppet Agent DLL Preload Vulnerability

Puppet is a configuration management tool from Puppet Labs (United States), built on a client/server (C/S) architecture. Puppet Agent for Windows is its agent program for the Windows platform. A security vulnerability exists in Facter in Puppet Agent for Windows versions...

7.8 CVSS | 7.5 AI score | 0.00847 EPSS
Exploits: 0 | References: 1

Prion
added 2018/06/11 8:29 p.m. | 11 views

Privilege escalation

In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation...

6.8 CVSS | 7.5 AI score | 0.00847 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2018/06/11 8:29 p.m. | 30 views

CVE-2018-6514

In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation...

7.8 CVSS | 7.6 AI score | 0.00847 EPSS
Exploits: 0 | References: 1

OSV
added 2018/06/11 8:29 p.m. | 19 views

CVE-2018-6514

In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation...

7.8 CVSS | 7 AI score | 0.00847 EPSS
Exploits: 0 | References: 1

Debian CVE
added 2018/06/11 8:0 p.m. | 23 views

CVE-2018-6514

In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation...

7.8 CVSS | 7.6 AI score | 0.00847 EPSS
Exploits: 0

Cvelist
added 2018/06/11 8:0 p.m. | 26 views

CVE-2018-6514

In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation...

7.6 AI score | 0.00847 EPSS
Exploits: 0 | References: 1

CVE
added 2018/06/11 8:0 p.m. | 46 views

CVE-2018-6514

CVE-2018-6514: Affected software is Puppet Agent on Windows with DLL preloading in Facter. Versions affected: Puppet Agent 1.10.x before 1.10.13; 5.3.x before 5.3.7; 5.5.x before 5.5.2. Root cause is a DLL preloading vulnerability that could lead to privilege escalation. Impact is described as h...

7.8 CVSS | 7.5 AI score | 0.00847 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2018/06/08 7:32 a.m. | 29 views

CVE-2018-6514

In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation...

7.8 CVSS | 3.6 AI score | 0.00847 EPSS
Exploits: 0 | References: 2

NVD
added 2018/02/09 8:29 p.m. | 16 views

CVE-2018-6508

Puppet Enterprise 2017.3.x prior to 2017.3.3 is vulnerable to a remote execution bug when a specially crafted string was passed into the factertask or puppetconf tasks. This vulnerability only affects tasks in the affected modules; if you are not using puppet tasks you are not affected by this...

8 CVSS | 7.8 AI score | 0.01906 EPSS
Exploits: 0 | References: 2

OSV
added 2018/02/09 8:29 p.m. | 8 views

CVE-2018-6508

Puppet Enterprise 2017.3.x prior to 2017.3.3 is vulnerable to a remote execution bug when a specially crafted string was passed into the factertask or puppetconf tasks. This vulnerability only affects tasks in the affected modules; if you are not using puppet tasks you are not affected by this...

8 CVSS | 6.8 AI score | 0.01906 EPSS
Exploits: 0 | References: 2

OSV
added 2018/02/09 8:29 p.m. | 2 views

DEBIAN-CVE-2018-6508

Puppet Enterprise 2017.3.x prior to 2017.3.3 is vulnerable to a remote execution bug when a specially crafted string was passed into the factertask or puppetconf tasks. This vulnerability only affects tasks in the affected modules; if you are not using puppet tasks you are not affected by this...

8 CVSS | 8 AI score | 0.01906 EPSS
Exploits: 0 | References: 1