Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Puppet Enterprise Security Vulnerabilities - CVSS Score 9 - 10

cve
cve

CVE-2013-1640

The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.

7AI Score

0.024EPSS

2013-03-20 04:55 PM
59
cve
cve

CVE-2016-2786

The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate.

9.8CVSS

9.4AI Score

0.004EPSS

2016-06-10 03:59 PM
40
4
cve
cve

CVE-2016-2788

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

9.8CVSS

9.6AI Score

0.017EPSS

2017-02-13 06:59 PM
35
cve
cve

CVE-2018-11749

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS sc...

9.8CVSS

9.2AI Score

0.002EPSS

2018-08-24 01:29 PM
35
cve
cve

CVE-2018-6512

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0.

9.8CVSS

9.7AI Score

0.002EPSS

2018-06-11 08:29 PM
35
cve
cve

CVE-2019-10694

The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1...

9.8CVSS

9.4AI Score

0.002EPSS

2019-12-12 12:15 AM
109
cve
cve

CVE-2021-27023

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

9.8CVSS

7.8AI Score

0.006EPSS

2021-11-18 03:15 PM
306
cve
cve

CVE-2023-2530

A privilege escalation allowing remote code execution was discovered in the orchestration service.

9.8CVSS

9.9AI Score

0.004EPSS

2023-06-07 08:15 PM
36
cve
cve

CVE-2023-5309

Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.

9.8CVSS

9.3AI Score

0.001EPSS

2023-11-07 07:15 PM
21