91 matches found
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...
DEBIAN-CVE-2021-27023
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...
Heap overflow
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...
UBUNTU-CVE-2021-27023
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...
CVE-2021-27023
CVE-2021-27023 affects Puppet Agent and Puppet Server and is an information disclosure vulnerability where HTTP credentials can leak when following redirects to a different host. The description notes a flaw in how HTTP redirects are handled, similar to CVE-2018-1000007. The NVD metrics indicate ...
PT-2021-8198 · Puppet +3 · Puppet Agent +4
Name of the Vulnerable Software and Affected Versions: Puppet Agent and Puppet Server affected versions not specified Description: A flaw in Puppet Agent and Puppet Server may result in a leak of HTTP credentials when following HTTP redirects to a different host. This issue is related to the...
Puppet Server Information Disclosure Vulnerability
Puppet Server is a software from Puppet Labs in the U.S. for pushing configurations from the primary server to other servers. an information disclosure vulnerability exists in Puppet Agent and Puppet Server, which stems from a lack of restrictions and protections in the HTTP transport process,...
Puppet Server 安全漏洞
Puppet Server is a software from Puppet Labs in the U.S. for pushing configurations from the primary server to other servers. an information disclosure vulnerability exists in Puppet Agent and Puppet Server, which stems from a lack of restrictions and protections in the HTTP transport process,...
Puppet Server 日志信息泄露漏洞
Puppet Server is a software from US-based Puppet Labs for pushing configurations from a master server to other servers. Puppet Server suffers from a logging information disclosure vulnerability that stems from the possibility that the software may be logging some sensitive program parameters...
puppet: puppet server and puppetDB may leak sensitive information via metrics API
A flaw was found where the metrics API endpoints of Puppet Server and PuppetDB leaked sensitive information to the local network. Listening to these network endpoints could allow attackers the ability to exploit additional computer systems. The highest impact of this flaw is confidentiality...
CVE-2020-7943
A flaw was found where the metrics API endpoints of Puppet Server and PuppetDB leaked sensitive information to the local network. Listening to these network endpoints could allow attackers the ability to exploit additional computer systems. The highest impact of this flaw is confidentiality...
FreeBSD : puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API (36def7ba-6d2b-11ea-b115-643150d3111d)
Puppetlabs reports : Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as...
Puppet Server metrics API information disclosure vulnerability
Puppet Server is a software for pushing configurations from a master server to other servers. An information disclosure vulnerability exists in the Puppet Server metrics API, which can be exploited by a remote attacker to submit a special request and obtain sensitive information...
DEBIAN-CVE-2020-7943
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...
CVE-2020-7943
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...
CVE-2020-7943
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...
CVE-2020-7943
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...
Design/Logic Flaw
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...
UBUNTU-CVE-2020-7943
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...