89 matches found
CVE-2017-7529
The CVE-2017-7529 entry concerns nginx’s range filter module. Affected software: nginx (and nginx-mainline in Arch advisories). Vulnerable component: the HTTP range filter logic in the nginx range filter module. Root cause: integer overflow when processing crafted byte ranges, leading to informat...
CVE-2021-27023
CVE-2021-27023 affects Puppet Agent and Puppet Server and is an information disclosure vulnerability where HTTP credentials can leak when following redirects to a different host. The description notes a flaw in how HTTP redirects are handled, similar to CVE-2018-1000007. The NVD metrics indicate ...
CVE-2023-1894
CVE-2023-1894 is a ReDoS affecting Puppet Server 7.9.2 during certificate validation. The vulnerability arises from crafted certificate names and results in significantly slowed server operations. Public details in the provided documents confirm Puppet Server as the affected component and describ...
CVE-2015-1855
CVE-2015-1855 affects Ruby’s OpenSSL hostname matching: the OpenSSL extension fails to validate hostnames, allowing server spoofing. Affected: Ruby/OpenSSL before 2.0.0 patchlevel 645; 2.1.x before 2.1.6; 2.2.x before 2.2.2. Root cause: permissive hostname matching (wildcards, IDNA, case, non‑ASC...
CVE-2023-5255
CVE-2023-5255 describes a flaw in Puppet Server where certificates using the auto-renew feature cannot be revoked, per the NVD entry. The CVE notes a high availability impact (A:H) with no confidentiality or integrity impact, and no user interaction required. Th...
CVE-2021-27025
CVE-2021-27025 affects Puppet Agent, where the agent may silently ignore Augeas settings or be vulnerable to a Denial of Service condition prior to the first pluginsync. The connected materials tie this issue to Puppet Agent across multiple contexts (including Puppet Enterprise and various Linux ...
CVE-2020-7943
CVE-2020-7943 affects Puppet Server and PuppetDB, where the metrics API endpoints may disclose sensitive information. The issue stems from exposed metrics data (for PuppetDB: hostnames; for Puppet Server: resource names, titles, function names, and class names) when these endpoints were accessibl...
CVE-2013-3567
Summary: CVE-2013-3567 affects Puppet 2.7.x < 2.7.22, 3.2.x < 3.2.2, and Puppet Enterprise < 2.8.2. Fixed versions: >= 2.7.22 for 2.7.x, >= 3.2.2 for 3.2.x, or >= 2.8.2 for Puppet Enterprise.
CVE-2014-3248
CVE-2014-3248 documents an untrusted search path vulnerability affecting Puppet-related components. Affected software includes Puppet Enterprise 2.8 (before 2.8.7), Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and MCollective before 2.5.2, runn...
CVE-2019-10694
CVE-2019-10694 affects Puppet Enterprise where the Express install could leave an overlooked default password for the admin user if the user did not use the URL provided to set the password. The issue is resolved in Puppet Enterprise 2019.0.3 and in 2018.1.9. The public descriptions consistently ...
CVE-2017-10689
CVE-2017-10689 affects Puppet-related tarball handling. According to connected advisories, Puppet could install modules with insecure permissions when unpacking tarballs, potentially enabling local code execution. Root cause: tar/mini.rb unpacking may preserve or impose unsafe permissions from th...
CVE-2012-3866
Puppet 2.7.x before 2.7.18 and Puppet Enterprise before 2.5.2 are affected by a local information-disclosure issue: last_run_report.yaml is created with 0644 permissions, allowing local users with puppet-master access to read sensitive configuration. The vulnerability is limited to local access; no exploitat...
CVE-2013-1655
CVE-2013-1655 affects Puppet with Ruby 1.9.3+ and is triggered via serialized attributes to allow remote code execution. Public sources identify Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1 as vulnerable, with implications of remote code execution by unauthenticated attackers and potential d...
CVE-2013-4761
CVE-2013-4761 affects Puppet and Puppet Enterprise: remote attackers can execute arbitrary Ruby code from the master via the resource_type service, which is exploitable only when local file system access to the Puppet Master is possible. Affected versions include Puppet 2.7.x before 2.7.23, 3.2.x...
CVE-2012-3865
The CVE-2012-3865 entry concerns Puppet and Puppet Enterprise: a directory traversal flaw in lib/puppet/reports/store.rb that, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master by supplying a .. in a node name. Affected are Puppe...
CVE-2012-3867
CVE-2012-3867 affects Puppet modules where CSR Common Name validation is lax in Puppet before 2.6.17 and in 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2. This allows user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequenc...
CVE-2012-1906
CVE-2012-1906 affects Puppet 2.6.x (before 2.6.15), 2.7.x (before 2.7.13), and Puppet Enterprise users 1.0–2.5.x before 2.5.1. The root cause is the use of predictable file names when installing Mac OS X packages from a remote source, enabling a local attacker to overwrite arbitrary files or inst...
CVE-2013-4969
CVE-2013-4969 affects Puppet before 3.3.3 and 3.4 before 3.4.1, and Puppet Enterprise before 2.8.4 and 3.1 before 3.1.1, allowing local users to overwrite arbitrary files via a symlink attack. Connected advisories indicate fixes with Puppet packages updated to 2.7.25 (e.g., Mageia MDVSA-2014:040 ...
CVE-2017-2296
CVE-2017-2296 affects Puppet Enterprise 2017.1.x and 2017.2.1. The vulnerability is a denial-of-service caused by processing specially formatted strings used as Classifier node group names or RBAC role display names, which triggers errors in the service. A fix was released in Puppet Enterprise 20...
CVE-2012-1988
CVE-2012-1988 affects Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, plus Puppet Enterprise users 1.0–2.5.x before 2.5.1. A remote authenticated user with agent SSL keys and file-creation permissions on the Puppet master can craft a file path containing shell metacharacters and trigger arbit...
CVE-2013-1640
CVE-2013-1640 affects Puppet master handling of template and inline_template functions. The flaw allows remote authenticated users to execute arbitrary code via a crafted catalog request. Affected versions include Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, as well as Puppe...
CVE-2012-1989
CVE-2012-1989 affects Puppet: telnet.rb in Puppet 2.7.x (before 2.7.13) and Puppet Enterprise 1.2.x, 2.0.x, and 2.5.x (before 2.5.1) allows a local user to perform a symlink attack on the NET::Telnet connection log (/tmp/out.log) and overwrite arbitrary files. Root cause: improper handling of tem...
CVE-2013-4956
CVE-2013-4761 and CVE-2013-4956 affect Puppet and Puppet Enterprise. The resource_type service flaw could allow a local attacker to cause the Puppet Master to load arbitrary Ruby code from the master filesystem, given access to the Puppet Master. Puppet Module Tool (PMT) can install modules with ...
CVE-2012-1986
Puppet CVE-2012-1986 affects Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, plus Puppet Enterprise (PE) 1.0–2.5.x before 2.5.1. Remote authenticated users with an authorized SSL key and certain puppet-master permissions can read arbitrary files via a symlink attack when making a crafted REST...
CVE-2012-1987
CVE-2012-1987 affects Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, plus Puppet Enterprise (PE) Users 1.0–2.5.x before 2.5.1. The vulnerability allows remote authenticated users with agent SSL keys to cause denial of service in two ways: (1) memory exhaustion via a REST request to a stream ...
CVE-2013-1654
CVE-2013-1654 affects Puppet 2.7.x prior to 2.7.21, Puppet 3.1.x prior to 3.1.1, and Puppet Enterprise 2.7.x prior to 2.7.2. The issue arises from how SSL protocol negotiation occurs between client and master, enabling remote attackers to perform SSLv2 downgrade attacks against SSLv3 sessions via...
CVE-2013-1652
CVE-2013-1652 affects Puppet: remote authenticated users with a valid certificate and key can read arbitrary catalogs or poison the Puppet master’s cache via unspecified vectors. Affected versions include Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, plus Puppet Enterprise be...
CVE-2013-2275
CVE-2013-2275 affects Puppet components where the default /etc/puppet/auth.conf allowed an authenticated node to submit a report for another node. Affected: Puppet masters 0.25.0+ and Puppet versions 2.x (before 2.6.18 for 2.6 line, before 2.7.21 for 2.7 line), 3.1.x before 3.1.1, and Puppet Ente...
CVE-2013-1653
CVE-2013-1653 affects Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1 (and Puppet Enterprise before 1.2.7 / 2.7.x before 2.7.2) when the service is listening for incoming connections and the run REST endpoint is accessible. It allows remote authenticated users to execute arbitra...
CVE-2017-10690
Puppet Agent vulnerability CVE-2017-10690 allowed retrieving facts from an environment the agent was not classified to access. Root cause: environment leakage within the agent’s fact retrieval. Fixes were implemented in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4; other references ...
CVE-2015-5686
Puppet Enterprise Console 3.x is affected by CSRF and clickjacking vulnerabilities leading to possible session hijacking or redirection of user input to untrusted sites. This CVE (CVE-2015-5686) is corroborated by multiple sources in connected documents (e.g., CNVD-2020-17190 and NVD entries) des...
CVE-2012-1053
CVE-2012-1053 affects Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, plus Puppet Enterprise (PE) Users 1.0–2.0.x before 2.0.3. The vulnerability lies in the SUIDManager’s change_user method, which fails to drop supplementary groups in certain cases, allows eguid/egid mismatches, and can add ...
CVE-2012-3864
CVE-2012-3864 affects Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2. The flaw allows remote authenticated users to read arbitrary files on the puppet master by exploiting an authenticated user’s certificate and private key in a GET request...
CVE-2012-1054
CVE-2012-1054 affects Puppet 2.6.x (before 2.6.14), Puppet 2.7.x (before 2.7.11), and Puppet Enterprise (PE) Users 1.0–2.0.x (before 2.0.3). The vulnerability is triggered when managing a user login file via the k5login resource, enabling local privilege escalation through a symlink attack on .k5...
CVE-2012-3408
CVE-2012-3408 affects Puppet: the file lib/puppet/network/authstore.rb in Puppet before 2.7.18 and Puppet Enterprise before 2.5.2 allows use of IP addresses in certnames without warning, which might let remote attackers spoof an agent by reusing a previously seen IP address. The available connect...
CVE-2011-3872
CVE-2011-3872 affects Puppet 2.6.x <2.6.12, 2.7.x <2.7.6, and Puppet Enterprise 1.0–1.2
CVE-2013-2274
Puppet vulnerability CVE-2013-2274 affects Puppet 2.6.x (pre-2.6.18) and Puppet Enterprise 1.2.x (pre-1.2.7). An authenticated attacker could send a crafted report to the puppet master (or an agent with puppet kick enabled) to achieve remote arbitrary code execution. Remediation per RHSA-2013:071...
CVE-2023-2530
CVE-2023-2530 is a remote code execution vulnerability in Puppet's orchestration service that enables privilege escalation. Public details across multiple sources indicate the issue affects Puppet Enterprise versions prior to 2021.0 in the 2021.x line and prior to 2023.2 in the 2023.x line (per N...
CVE-2013-4971
CVE-2013-4971 affects Puppet Enterprise before 3.2.0. The vulnerability is an information disclosure caused by improper restriction of access to node endpoints in the console, enabling remote attackers to obtain sensitive data via unspecified vectors. The connected Nessus entry notes this CVE alo...
CVE-2013-4961
CVE-2013-4961 affects Puppet Enterprise prior to 3.0.1. The vulnerability is an information disclosure where the HTTP response headers reveal version information for Apache and Phusion Passenger, allowing remote attackers to obtain sensitive details about the server stack. Publicly documented acr...
CVE-2018-6510
CVE-2018-6510 describes a cross-site scripting vulnerability in Puppet Enterprise Console (used with the Orchestrator). The issue allows an attacker to inject scripts into the Puppet Enterprise Console and is tied to Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. The root cause is improp...
CVE-2021-27021
CVE-2021-27021 affects PuppetDB. A flaw enables privilege escalation that allows a user to delete tables via an SQL query. This is corroborated across NVD, OSV, Nessus/NASL plugins, and OSV Debian/Ubuntu entries. The connected documents do not specify affected versions, root cause details, explo...
CVE-2015-4100
CVE-2015-4100 affects Puppet Enterprise 3.7.x and 3.8.0, where remote authenticated users can manage certificates for arbitrary nodes by abusing a client certificate trusted by the master (Certificate Authority Reverse Proxy vulnerability). The issue is rooted in how certificates are trusted/hand...
CVE-2016-2786
The CVE-2016-2786 entry affects the pxp-agent component in Puppet Enterprise 2015.3.x (before 2015.3.3) and Puppet Agent 1.3.x (before 1.3.6), where improper validation of server certificates may allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate. Thi...
CVE-2016-2788
CVE-2016-2788 affects MCollective in Puppet Enterprise (2.7.0 and 2.8.x prior to 2.8.9). The vulnerability allows a remote attacker to execute arbitrary code via vectors related to the mco ping command, due to insecure processing within the mcollective component used by Puppet Enterprise. The con...
CVE-2016-5715
CVE-2016-5715 affects Puppet Enterprise Console: open redirect in the login redirect parameter on Puppet Enterprise 2015.x and 2016.x before 2016.4.0. Root cause described as an incomplete fix for CVE-2015-6501. Impact: attackers can lure users to arbitrary sites via a crafted //domain URL. The v...
CVE-2012-5158
Puppet Enterprise 2.x prior to 2.6.1 is affected by a session-handling weakness: when the session secret changes, sessions are not properly invalidated, allowing an authenticated remote user to retain access via unspecified vectors. Affected component is the PE 2.x session management; root cause ...
CVE-2018-6508
CVE-2018-6508 affects Puppet Enterprise 2017.3.x before 2017.3.3. It is a remote code execution vulnerability caused by accepting a specially crafted string in the facter_task or puppet_conf tasks. The issue only impacts the affected tasks/modules; if puppet tasks are not used, you may not be aff...
CVE-2014-3251
CVE-2014-3251 affects the MCollective aes_security plugin used with Puppet Enterprise before 3.3.0 and MCollective before 2.5.3. The issue is improper validation of new server certificates based on the CA certificate, allowing a local attacker to establish unauthorized MCollective connections via...
CVE-2016-2787
CVE-2016-2787 affects Puppet Enterprise 2015.x (specifically 2015.3.x before 2015.3.3). The vulnerability arises from improper validation of broker node certificates in the Puppet Communications Protocol, enabling remote non-whitelisted hosts to prevent Puppet runs via unspecified vectors. The li...