Puppet Enterprise@2017.3.0 Security Vulnerabilities and Issues — Puppet Enterprise@2017.3.0 CVE List

Lucene search

PuppetPuppet Enterprise2017.3.0

3 matches found

CVE•added 2018/02/09 8:29 p.m.•53 views

CVE-2018-6508

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this v...

8CVSS7.7AI score0.00905EPSS

CVE•added 2018/08/24 1:29 p.m.•44 views

CVE-2018-11749

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS sc...

9.8CVSS9.2AI score0.00154EPSS

CVE•added 2018/06/11 8:29 p.m.•44 views

CVE-2018-6513

Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileg...

8.8CVSS6.9AI score0.00374EPSS