Puppet Enterprise@2.0.1 Security Vulnerabilities and Issues — Puppet Enterprise@2.0.1 CVE List

Lucene search

PuppetPuppet Enterprise2.0.1

7 matches found

CVE•added 2012/05/29 8:55 p.m.•86 views

CVE-2012-1906

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages...

3.3CVSS6.2AI score0.00063EPSS

CVE•added 2012/06/27 6:55 p.m.•81 views

CVE-2012-1989

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).

3.6CVSS6.1AI score0.00094EPSS

CVE•added 2012/05/29 8:55 p.m.•79 views

CVE-2012-1986

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction w...

2.1CVSS6AI score0.00374EPSS

CVE•added 2012/05/29 8:55 p.m.•76 views

CVE-2012-1987

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream...

3.5CVSS6.2AI score0.00735EPSS

CVE•added 2012/05/29 8:55 p.m.•71 views

CVE-2012-1053

The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors r...

6.9CVSS6.1AI score0.00044EPSS

CVE•added 2012/05/29 8:55 p.m.•67 views

CVE-2012-1054

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.

4.4CVSS6.1AI score0.00071EPSS

CVE•added 2014/03/14 4:55 p.m.•44 views

CVE-2013-4963

Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact.

6.8CVSS7.8AI score0.00116EPSS