Skip to main content

Puppet Server

6 CVEs product

Monthly

CVE-2023-5255 HIGH This Week

For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Puppet Enterprise Puppet Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-1894 MEDIUM This Month

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Puppet Enterprise Puppet Server
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2021-27023 Ruby CRITICAL PATCH Act Now

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Puppet Agent Puppet Enterprise Puppet Server Fedora
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-7943 HIGH POC This Week

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Puppet Enterprise Puppet Server Puppetdb
NVD
CVSS 3.1
7.5
EPSS
7.9%
CVE-2016-2785 Ruby CRITICAL PATCH Act Now

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Puppet Puppet Server Puppet Agent
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2014-7170 LOW Monitor

Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Information Disclosure Puppet Server
NVD
CVSS 2.0
1.9
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH This Week

For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Puppet Enterprise Puppet Server
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Puppet Enterprise Puppet Server
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Puppet Agent Puppet Enterprise +2
NVD
EPSS 8% CVSS 7.5
HIGH POC This Week

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Puppet Enterprise Puppet Server +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Puppet Puppet Server +1
NVD GitHub
EPSS 0% CVSS 1.9
LOW Monitor

Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Information Disclosure Puppet Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy