Puppet Puppet Labs Puppet

Do you want an email whenever new security vulnerabilities are reported in Puppet Labs Puppet?

By the Year

In 2024 there have been 0 vulnerabilities in Puppet Labs Puppet . Puppet did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 2 5.40

It may take a day or so for new Puppet vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Puppet Labs Puppet Security Vulnerabilities

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise

CVE-2018-6510 5.4 - Medium - May 08, 2018

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.

XSS

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise

CVE-2018-6511 5.4 - Medium - May 08, 2018

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.

XSS

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1

CVE-2013-4969 - January 07, 2014

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

insecure temporary file

lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might

CVE-2012-3408 - August 06, 2012

lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.

authentification

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Puppet Enterprise or by Puppet Labs? Click the Watch button to subscribe.

Puppet Labs
Vendor

subscribe