Lucene search
K

91 matches found

Github Security Blog
Github Security Blog
added 2021/12/02 5:52 p.m.80 views

Unsafe HTTP Redirect in Puppet Agent and Puppet Server

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...

9.8CVSS0.3AI score0.01328EPSS
Exploits0References5Affected Software1
RubySec
RubySec
added 2021/12/02 12:0 a.m.53 views

Unsafe HTTP Redirect in Puppet Agent and Puppet Server

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...

9.8CVSS0.3AI score0.01328EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/11/18 3:15 p.m.2 views

DEBIAN-CVE-2021-27023

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...

9.8CVSS8.2AI score0.01328EPSS
Exploits0References1
Prion
Prion
added 2021/11/18 3:15 p.m.27 views

Heap overflow

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...

5CVSS7.5AI score0.08031EPSS
Exploits0References2Affected Software4
OSV
OSV
added 2021/11/18 3:15 p.m.4 views

UBUNTU-CVE-2021-27023

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...

9.8CVSS5.8AI score0.01328EPSS
Exploits0References5
CVE
CVE
added 2021/11/18 2:33 p.m.359 views

CVE-2021-27023

CVE-2021-27023 affects Puppet Agent and Puppet Server and is an information disclosure vulnerability where HTTP credentials can leak when following redirects to a different host. The description notes a flaw in how HTTP redirects are handled, similar to CVE-2018-1000007. The NVD metrics indicate ...

9.8CVSS7.8AI score0.01328EPSS
Exploits0References2Affected Software3
Positive Technologies
Positive Technologies
added 2021/11/18 12:0 a.m.3 views

PT-2021-8198 · Puppet +3 · Puppet Agent +4

Name of the Vulnerable Software and Affected Versions: Puppet Agent and Puppet Server affected versions not specified Description: A flaw in Puppet Agent and Puppet Server may result in a leak of HTTP credentials when following HTTP redirects to a different host. This issue is related to the...

10CVSS9.2AI score0.01328EPSS
Exploits0References34
CNVD
CNVD
added 2021/11/13 12:0 a.m.28 views

Puppet Server Information Disclosure Vulnerability

Puppet Server is a software from Puppet Labs in the U.S. for pushing configurations from the primary server to other servers. an information disclosure vulnerability exists in Puppet Agent and Puppet Server, which stems from a lack of restrictions and protections in the HTTP transport process,...

9.8CVSS8.8AI score0.01328EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/11/10 12:0 a.m.4 views

Puppet Server 安全漏洞

Puppet Server is a software from Puppet Labs in the U.S. for pushing configurations from the primary server to other servers. an information disclosure vulnerability exists in Puppet Agent and Puppet Server, which stems from a lack of restrictions and protections in the HTTP transport process,...

9.8CVSS5.5AI score0.01328EPSS
Exploits0References13
CNNVD
CNNVD
added 2021/11/10 12:0 a.m.6 views

Puppet Server 日志信息泄露漏洞

Puppet Server is a software from US-based Puppet Labs for pushing configurations from a master server to other servers. Puppet Server suffers from a logging information disclosure vulnerability that stems from the possibility that the software may be logging some sensitive program parameters...

4.4CVSS5.1AI score0.00238EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/10/27 12:58 p.m.5 views

puppet: puppet server and puppetDB may leak sensitive information via metrics API

A flaw was found where the metrics API endpoints of Puppet Server and PuppetDB leaked sensitive information to the local network. Listening to these network endpoints could allow attackers the ability to exploit additional computer systems. The highest impact of this flaw is confidentiality...

7.5CVSS7.3AI score0.07884EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2020/04/27 8:9 p.m.19 views

CVE-2020-7943

A flaw was found where the metrics API endpoints of Puppet Server and PuppetDB leaked sensitive information to the local network. Listening to these network endpoints could allow attackers the ability to exploit additional computer systems. The highest impact of this flaw is confidentiality...

7.5CVSS3.9AI score0.07884EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/03/24 12:0 a.m.44 views

FreeBSD : puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API (36def7ba-6d2b-11ea-b115-643150d3111d)

Puppetlabs reports : Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as...

7.5CVSS7.5AI score0.07884EPSS
Exploits0References3
CNVD
CNVD
added 2020/03/12 12:0 a.m.3 views

Puppet Server metrics API information disclosure vulnerability

Puppet Server is a software for pushing configurations from a master server to other servers. An information disclosure vulnerability exists in the Puppet Server metrics API, which can be exploited by a remote attacker to submit a special request and obtain sensitive information...

7.5CVSS8.4AI score0.07884EPSS
Exploits0References1
OSV
OSV
added 2020/03/11 11:15 p.m.3 views

DEBIAN-CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

7.5CVSS7.6AI score0.07884EPSS
Exploits0References1
NVD
NVD
added 2020/03/11 11:15 p.m.30 views

CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

7.5CVSS7.3AI score0.07884EPSS
Exploits0References1
OSV
OSV
added 2020/03/11 11:15 p.m.23 views

CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

7.5CVSS6.2AI score0.07884EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/03/11 11:15 p.m.20 views

CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

7.5CVSS7.1AI score0.07884EPSS
Exploits0References2
Prion
Prion
added 2020/03/11 11:15 p.m.14 views

Design/Logic Flaw

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

5CVSS7.3AI score0.07884EPSS
Exploits0References1Affected Software3
OSV
OSV
added 2020/03/11 11:15 p.m.4 views

UBUNTU-CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

7.5CVSS5.8AI score0.07884EPSS
Exploits0References3
Rows per page
Query Builder