Puppet Enterprise@2018.1.0 Security Vulnerabilities and Issues — Puppet Enterprise@2018.1.0 CVE List

Lucene search

PuppetPuppet Enterprise2018.1.0

3 matches found

CVE•added 2018/08/24 1:29 p.m.•44 views

CVE-2018-11749

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS sc...

9.8CVSS9.2AI score0.00154EPSS

CVE•added 2018/06/11 8:29 p.m.•44 views

CVE-2018-6513

Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileg...

8.8CVSS6.9AI score0.00374EPSS

CVE•added 2018/06/11 8:29 p.m.•43 views

CVE-2018-6512

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0.

9.8CVSS9.7AI score0.0118EPSS