Puppet Enterprise CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (28 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2012-1989	2 Puppet, Puppetlabs	3 Puppet, Puppet Enterprise, Puppet	2025-04-11	N/A
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
CVE-2013-1654	4 Canonical, Puppet, Puppetlabs and 1 more	5 Ubuntu Linux, Puppet, Puppet Enterprise and 2 more	2025-04-11	N/A
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.
CVE-2012-1054	2 Puppet, Puppetlabs	4 Puppet, Puppet Enterprise, Puppet and 1 more	2025-04-11	N/A
Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
CVE-2012-1053	2 Puppet, Puppetlabs	4 Puppet, Puppet Enterprise, Puppet and 1 more	2025-04-11	N/A
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.
CVE-2012-1986	3 Cloudforms Cloudengine, Puppet, Puppetlabs	5 1, Puppet, Puppet Enterprise and 2 more	2025-04-11	N/A
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.
CVE-2012-3864	3 Cloudforms Cloudengine, Puppet, Puppetlabs	4 1, Puppet, Puppet Enterprise and 1 more	2025-04-11	N/A
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.
CVE-2012-3866	2 Puppet, Puppetlabs	3 Puppet, Puppet Enterprise, Puppet	2025-04-11	N/A
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.
CVE-2013-2274	3 Puppet, Puppetlabs, Redhat	4 Puppet, Puppet Enterprise, Puppet and 1 more	2025-04-11	N/A
Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.

« first previous Page 2 of 2.