Puppet Puppet Labs Puppet

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Puppet Labs Puppet.

EOL Dates

Ensure that you are using a supported version of Puppet Labs Puppet. Here are some end of life, and end of support dates for Puppet Labs Puppet.

Release EOL Date Status
8 -
Active

7 February 28, 2025
EOL

Puppet Labs Puppet 7 became EOL in 2025.

6 February 1, 2023
EOL

Puppet Labs Puppet 6 became EOL in 2023.

5 January 1, 2021
EOL

Puppet Labs Puppet 5 became EOL in 2021.

4 October 1, 2018
EOL

Puppet Labs Puppet 4 became EOL in 2018.

3 January 1, 2017
EOL

Puppet Labs Puppet 3 became EOL in 2017.

By the Year

In 2025 there have been 0 vulnerabilities in Puppet Labs Puppet. Puppet did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 2 5.40

It may take a day or so for new Puppet vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Puppet Labs Puppet Security Vulnerabilities

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise

CVE-2018-6510 5.4 - Medium - May 08, 2018

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.

XSS

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise

CVE-2018-6511 5.4 - Medium - May 08, 2018

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.

XSS

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1

CVE-2013-4969 - January 07, 2014

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

insecure temporary file

lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might

CVE-2012-3408 - August 06, 2012

lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.

authentification

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Puppet Enterprise or by Puppet Labs? Click the Watch button to subscribe.

Puppet Labs
Vendor

subscribe