62 matches found

added 2021/09/07 2:15 p.m. | 41 views

CVE-2021-27022

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).

4.9 CVSS | 5 AI score | 0.00335 EPSS

added 2013/04/10 3:55 p.m. | 40 views

CVE-2013-2716

Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie.

5 CVSS | 6.7 AI score | 0.00298 EPSS

added 2013/08/20 10:55 p.m. | 39 views

CVE-2013-4967

Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.

5 CVSS | 6.9 AI score | 0.0025 EPSS

added 2017/12/11 5:29 p.m. | 39 views

CVE-2015-8470

The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

6.5 CVSS | 6.3 AI score | 0.00308 EPSS

added 2021/08/30 6:15 p.m. | 38 views

CVE-2021-27020

Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.

8.8 CVSS | 8.6 AI score | 0.0082 EPSS

added 2023/11/07 7:15 p.m. | 38 views

CVE-2023-5309

Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.

9.8 CVSS | 7.3 AI score | 0.00289 EPSS

added 2013/08/20 10:55 p.m. | 37 views

CVE-2013-4959

Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache.

2.1 CVSS | 5.9 AI score | 0.00056 EPSS

added 2013/10/25 11:55 p.m. | 37 views

CVE-2013-4965

Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack.

5 CVSS | 7 AI score | 0.00814 EPSS

added 2014/12/19 3:59 p.m. | 37 views

CVE-2014-9355

Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.

4 CVSS | 6.2 AI score | 0.00095 EPSS

added 2021/11/18 3:15 p.m. | 36 views

CVE-2021-27026

A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged.

4.4 CVSS | 4.6 AI score | 0.00058 EPSS

added 2013/10/25 11:55 p.m. | 34 views

CVE-2013-4957

The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.

6.8 CVSS | 7.5 AI score | 0.00429 EPSS

added 2017/12/11 5:29 p.m. | 31 views

CVE-2015-6502

Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect.

6.1 CVSS | 6 AI score | 0.0025 EPSS

Total number of security vulnerabilities: 62