Puppet Server@* Security Vulnerabilities and Issues — Puppet Server@* CVE List

Lucene search

PuppetPuppet Server*

3 matches found

CVE•added 2021/11/18 3:15 p.m.•328 views

CVE-2021-27023

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

9.8CVSS7.8AI score0.03066EPSS

CVE•added 2020/03/11 11:15 p.m.•110 views

CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names...

7.5CVSS7.2AI score0.65366EPSS

CVE•added 2019/12/16 10:15 p.m.•82 views

CVE-2018-11751

Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

5.4CVSS5.2AI score0.00223EPSS