Lucene search
K

91 matches found

CVE
CVE
added 2020/03/11 9:56 p.m.149 views

CVE-2020-7943

CVE-2020-7943 affects Puppet Server and PuppetDB, where the metrics API endpoints may disclose sensitive information. The issue stems from exposed metrics data (for PuppetDB: hostnames; for Puppet Server: resource names, titles, function names, and class names) when these endpoints were accessibl...

7.5CVSS7.2AI score0.07884EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2020/03/11 9:56 p.m.34 views

CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

7.3AI score0.07884EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2020/03/11 9:56 p.m.18 views

CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

7.5CVSS7.6AI score0.07884EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/03/11 12:0 a.m.3 views

PT-2020-19863 · Puppet +1 · Puppet Server +3

Name of the Vulnerable Software and Affected Versions: Puppet Enterprise versions prior to 2018.1.13 Puppet Enterprise versions prior to 2019.5.0 Puppet Server versions prior to 6.9.2 Puppet Server versions prior to 5.3.12 PuppetDB versions prior to 6.9.1 PuppetDB versions prior to 5.2.13...

7.5CVSS8.3AI score0.07884EPSS
Exploits0References14
FreeBSD
FreeBSD
added 2020/03/10 12:0 a.m.24 views

puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API

Puppetlabs reports: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as we...

7.5CVSS7.2AI score0.07884EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2017/07/06 12:0 a.m.22 views

Puppet Enterprise < 2016.4.5, 2016.5.x < 2017.2.1 Multiple Vulnerabilities

Puppet Enterprise is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:puppet:enterprise"; if...

9CVSS6.8AI score0.02375EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2016/10/13 12:0 a.m.12 views

Puppet Server Detection

Binary data 9671.prm...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/10/13 12:0 a.m.14 views

Puppet Server Hostname Detection

Binary data 7233.pasl...

7.3AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2016/06/10 3:59 p.m.25 views

CVE-2016-2785

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

9.8CVSS7.3AI score0.02889EPSS
Exploits0References2
Prion
Prion
added 2016/06/10 3:59 p.m.12 views

Design/Logic Flaw

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

7.5CVSS7.2AI score0.02889EPSS
Exploits0References3Affected Software3
NVD
NVD
added 2016/06/10 3:59 p.m.14 views

CVE-2016-2785

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

9.8CVSS9.5AI score0.02889EPSS
Exploits0References3
OSV
OSV
added 2016/06/10 3:59 p.m.8 views

CVE-2016-2785

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

9.8CVSS9.4AI score0.02889EPSS
Exploits0References3
CVE
CVE
added 2016/06/10 3:0 p.m.68 views

CVE-2016-2785

CVE-2016-2785 affects Puppet Server prior to 2.3.2, Ruby puppetmaster in Puppet 4.x prior to 4.4.2, and Puppet Agent prior to 1.4.2. The issue allows remote attackers to bypass auth.conf access restrictions by exploiting incorrect URL decoding. Affected components include Puppet Server, Puppet Ma...

9.8CVSS9.3AI score0.02889EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2016/06/10 3:0 p.m.32 views

CVE-2016-2785

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

9.5AI score0.02889EPSS
Exploits0References3
CNVD
CNVD
added 2016/06/07 12:0 a.m.2 views

Puppet Server and Agent Arbitrary Code Execution Vulnerability

Puppet Server and Agent are both U.S. Puppet Labs based on the client/server C/S architecture of the configuration management tool, the tool can be used to manage configuration files, users, cron tasks, packages, system services and so on. An arbitrary code execution vulnerability exists in Puppe...

9.8CVSS6.8AI score0.01563EPSS
Exploits0References1
CNVD
CNVD
added 2016/06/07 12:0 a.m.5 views

Puppet Server and Agent Unauthorized Access Vulnerability

Puppet Server and Agent are both U.S. Puppet Labs based on the client/server C/S architecture of the configuration management tool, the tool can be used to manage configuration files, users, cron tasks, packages, system services and so on. An unauthorized access vulnerability exists in Puppet...

9.8CVSS9.2AI score0.02889EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/06/06 12:0 a.m.28 views

GLSA-201606-02 : Puppet Server and Agent: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201606-02 Puppet Server and Agent: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Puppet Server and Agent. Please review the CVE identifiers referenced below for details. Impact : Remote attackers,...

9.8CVSS7.7AI score0.02889EPSS
Exploits0References3
NVD
NVD
added 2016/01/08 7:59 p.m.18 views

CVE-2015-7328

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority CA certificate during the initial installation and configuration, which might allow local users to obtain sensitive...

4.7CVSS4.4AI score0.00173EPSS
Exploits0References1
Prion
Prion
added 2016/01/08 7:59 p.m.12 views

Design/Logic Flaw

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority CA certificate during the initial installation and configuration, which might allow local users to obtain sensitive...

1.9CVSS6.3AI score0.00173EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2016/01/08 7:59 p.m.22 views

CVE-2015-7328

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority CA certificate during the initial installation and configuration, which might allow local users to obtain sensitive...

4.7CVSS5.9AI score0.00173EPSS
Exploits0References2
Rows per page
Query Builder