Puppet Labs Puppet
By the Year
In 2023 there have been 0 vulnerabilities in Puppet Labs Puppet . Puppet did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 2 | 5.40 |
It may take a day or so for new Puppet vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Puppet Labs Puppet Security Vulnerabilities
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise
CVE-2018-6510
5.4 - Medium
- May 08, 2018
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
XSS
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise
CVE-2018-6511
5.4 - Medium
- May 08, 2018
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
XSS
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1
CVE-2013-4969
- January 07, 2014
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.
insecure temporary file
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might
CVE-2012-3408
- August 06, 2012
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.
authentification
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Puppet Enterprise or by Puppet Labs? Click the Watch button to subscribe.
