182 matches found
Puppet Agent 6.x < 6.25.1 / 7.x < 7.12.1 Vulnerability
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007. Note that Nessus has not tested for this issue but has instead relied only on the application's self-report...
Puppet Agent 5.x < 5.5.22 / 6.x < 6.19.0 Vulnerability
On August 19, 2020, curl published security updates addressing CVE-2020-8231. Previous releases of Puppet Agent contain a vulnerable version of curl. For more information about this vulnerability, refer to the security announcement for CVE-2020-8231. Note that Nessus has not tested for this issue...
Puppet Agent < 7.1.0 Vulnerability
On December 9, 2020, curl published security updates addressing CVE-2020-8284, CVE-2020-8285, and CVE-2020-8286. Previous releases of Puppet Agent contain a vulnerable version of curl. For more information about this vulnerability, refer to the security announcement. Note that Nessus has not test...
Puppet Agent 7.x < 7.4.0 Deserialization Vulnerability
Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Amazon Linux 2 : emr-puppet (ALASEMR-PUPPET-2023-001)
The version of emr-puppet installed on the remote host is prior to 6.17.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2EMR-PUPPET-2023-001 advisory. A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a...
Medium: emr-puppet
Issue Overview: A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. CVE-2021-27025 Affected Packages: emr-puppet Note: This advisory is applicable to Amazon Linux 2 -...
SUSE CVE-2016-2785
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...
SUSE CVE-2016-2786
The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate...
SUSE CVE-2017-10689
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability...
SUSE CVE-2021-27023
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...
SUSE CVE-2021-27017
Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release...
SUSE CVE-2021-27025
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'...
puppet: silent configuration failure in agent
A configuration flaw was found in Puppet Agent where the agent silently ignores Augeas settings. This flaw allows a network attacker to cause a denial of service before the first pluginsync. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availabilit...
puppet: silent configuration failure in agent
A configuration flaw was found in Puppet Agent where the agent silently ignores Augeas settings. This flaw allows a network attacker to cause a denial of service before the first pluginsync. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availabilit...
RHEL 6 / 7 / 8 : Satellite Tools 6.10.5 Async Bug Fix Update (Important) (RHSA-2022:4866)
The remote Redhat Enterprise Linux 6 / 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:4866 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...
Important: Red Hat Security Advisory: Satellite Tools 6.10.5 Async Bug Fix Update
Updated Satellite 6.10 Tools packages that fix several bugs are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
puppet: silent configuration failure in agent
A configuration flaw was found in Puppet Agent where the agent silently ignores Augeas settings. This flaw allows a network attacker to cause a denial of service before the first pluginsync. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availabilit...
puppet: unsafe HTTP redirect
An exposure flaw was found in Puppet Agent and Puppet Server where HTTP credentials were leaked. When the HTTP redirects occurred, the authentication and cookie header was added when following redirects to a different host. This flaw allows an unauthorized network attacker to access sensitive...
puppet: silent configuration failure in agent
A configuration flaw was found in Puppet Agent where the agent silently ignores Augeas settings. This flaw allows a network attacker to cause a denial of service before the first pluginsync. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availabilit...
Important: Red Hat Security Advisory: Satellite Tools 6.9.9 Async Bug Fix Update
Updated Satellite 6.9 Tools packages that fix several bugs are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...