Puppet Enterprise Security Vulnerabilities and Issues — Puppet Enterprise CVE List

Lucene search

PuppetPuppet Enterprise

3 matches found

CVE•added 2023/05/04 11:15 p.m.•138 views

CVE-2023-1894

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.

5.3CVSS5.3AI score0.00045EPSS

CVE•added 2023/06/07 8:15 p.m.•61 views

CVE-2023-2530

A privilege escalation allowing remote code execution was discovered in the orchestration service.

9.8CVSS9.9AI score0.03033EPSS

CVE•added 2023/11/07 7:15 p.m.•38 views

CVE-2023-5309

Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.

9.8CVSS7.3AI score0.00289EPSS