Puppet Enterprise Security Vulnerabilities and Issues — Puppet Enterprise CVE List

Lucene search

PuppetPuppet Enterprise

7 matches found

CVE•added 2021/11/18 3:15 p.m.•328 views

CVE-2021-27023

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

9.8CVSS7.8AI score0.03066EPSS

CVE•added 2021/11/18 3:15 p.m.•135 views

CVE-2021-27025

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.

6.5CVSS6.3AI score0.00166EPSS

CVE•added 2021/07/20 11:15 a.m.•45 views

CVE-2021-27021

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.

8.8CVSS8.8AI score0.01037EPSS

CVE•added 2021/08/30 6:15 p.m.•43 views

CVE-2021-27019

PuppetDB logging included potentially sensitive system information.

4.3CVSS4.5AI score0.00204EPSS

CVE•added 2021/09/07 2:15 p.m.•41 views

CVE-2021-27022

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).

4.9CVSS5AI score0.00335EPSS

CVE•added 2021/08/30 6:15 p.m.•38 views

CVE-2021-27020

Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.

8.8CVSS8.6AI score0.0082EPSS

CVE•added 2021/11/18 3:15 p.m.•36 views

CVE-2021-27026

A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged

4.4CVSS4.6AI score0.00058EPSS