Puppet Labs Puppet
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Puppet Labs Puppet.
EOL Dates
Ensure that you are using a supported version of Puppet Labs Puppet. Here are some end of life, and end of support dates for Puppet Labs Puppet.
| Release | EOL Date | Status |
|---|---|---|
| 8 | - |
Active
|
| 7 | February 28, 2025 |
EOL
Puppet Labs Puppet 7 became EOL in 2025. |
| 6 | February 1, 2023 |
EOL
Puppet Labs Puppet 6 became EOL in 2023. |
| 5 | January 1, 2021 |
EOL
Puppet Labs Puppet 5 became EOL in 2021. |
| 4 | October 1, 2018 |
EOL
Puppet Labs Puppet 4 became EOL in 2018. |
| 3 | January 1, 2017 |
EOL
Puppet Labs Puppet 3 became EOL in 2017. |
By the Year
In 2025 there have been 0 vulnerabilities in Puppet Labs Puppet. Puppet did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 2 | 5.40 |
It may take a day or so for new Puppet vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Puppet Labs Puppet Security Vulnerabilities
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise
CVE-2018-6510
5.4 - Medium
- May 08, 2018
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
XSS
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise
CVE-2018-6511
5.4 - Medium
- May 08, 2018
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
XSS
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1
CVE-2013-4969
- January 07, 2014
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.
insecure temporary file
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might
CVE-2012-3408
- August 06, 2012
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.
authentification
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Puppet Enterprise or by Puppet Labs? Click the Watch button to subscribe.
