Puppet Puppet Enterprise — known CVE vulnerabilities
Every CVE whose affected-product data names Puppet Puppet Enterprise, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (89)
CVE-2021-27023 — CVSS 9.8 (critical): A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a…
CVE-2016-2786 — CVSS 9.8 (critical): The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server…
CVE-2018-11749 — CVSS 9.8 (critical): When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server…
CVE-2018-6512 — CVSS 9.8 (critical): The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases…
CVE-2019-10694 — CVSS 9.8 (critical): The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the…
CVE-2016-2788 — CVSS 9.8 (critical): MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors…
CVE-2013-1640 — CVSS 9.0 (critical): The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before…
CVE-2018-6513 — CVSS 8.8 (high): Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1…
CVE-2015-5686 — CVSS 8.8 (high): Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This…
CVE-2016-5716 — CVSS 8.8 (high): The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code…
CVE-2021-27021 — CVSS 8.8 (high): A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL…
CVE-2021-27020 — CVSS 8.8 (high): Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.
CVE-2015-7330 — CVSS 8.8 (high): Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet…
CVE-2025-5459 — CVSS 8.8 (high): A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on…
CVE-2013-1398 — CVSS 8.5 (high): The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which…
CVE-2018-6508 — CVSS 8.0 (high): Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the…
CVE-2017-2297 — CVSS 7.5 (high): Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens…
CVE-2017-7529 — CVSS 7.5 (high): Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module…
CVE-2013-1655 — CVSS 7.5 (high): Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via…
CVE-2017-2294 — CVSS 7.5 (high): Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in…
CVE-2020-7943 — CVSS 7.5 (high): Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may…
CVE-2013-3567 — CVSS 7.5 (high): Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote…
CVE-2016-5714 — CVSS 7.2 (high): Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host…
CVE-2013-1653 — CVSS 7.1 (high): Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when…
CVE-2012-1053 — CVSS 6.9 (medium): The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and…
CVE-2013-4958 — CVSS 6.9 (medium): Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an…
CVE-2023-5309 — CVSS 6.8 (medium): Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML…
CVE-2013-1399 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user…
CVE-2013-4957 — CVSS 6.8 (medium): The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.
CVE-2013-4963 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the…
CVE-2015-4100 — CVSS 6.8 (medium): Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client…
CVE-2017-2296 — CVSS 6.5 (medium): In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group…
CVE-2017-10690 — CVSS 6.5 (medium): In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to…
CVE-2013-2274 — CVSS 6.5 (medium): Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the…
CVE-2021-27025 — CVSS 6.5 (medium): A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service…
CVE-2015-8470 — CVSS 6.5 (medium): The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session…
CVE-2013-4966 — CVSS 6.4 (medium): The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows…
CVE-2014-3248 — CVSS 6.2 (medium): Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x…
CVE-2015-6502 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary…
CVE-2013-4968 — CVSS 6.1 (medium): Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console…
CVE-2015-6501 — CVSS 6.1 (medium): Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web…
CVE-2016-5715 — CVSS 6.1 (medium): Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users…
CVE-2012-1988 — CVSS 6.0 (medium): Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows…
CVE-2015-1855 — CVSS 5.9 (medium): verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does…
CVE-2013-4762 — CVSS 5.8 (medium): Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to…
CVE-2013-4962 — CVSS 5.8 (medium): The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify…
CVE-2013-4955 — CVSS 5.8 (medium): Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web…
CVE-2017-10689 — CVSS 5.5 (medium): In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10…
CVE-2018-6510 — CVSS 5.4 (medium): A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet…
CVE-2018-6511 — CVSS 5.4 (medium): A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet…
CVE-2016-2787 — CVSS 5.3 (medium): The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker…
CVE-2023-1894 — CVSS 5.3 (medium): A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to…
CVE-2016-9686 — CVSS 5.3 (medium): The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP…
CVE-2013-4761 — CVSS 5.1 (medium): Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before…
CVE-2014-3249 — CVSS 5.0 (medium): Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding…
CVE-2013-1654 — CVSS 5.0 (medium): Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol…
CVE-2013-2716 — CVSS 5.0 (medium): Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when…
CVE-2013-4961 — CVSS 5.0 (medium): Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers…
CVE-2013-4964 — CVSS 5.0 (medium): Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote…
CVE-2013-4965 — CVSS 5.0 (medium): Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier…
CVE-2013-4967 — CVSS 5.0 (medium): Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded…
CVE-2013-4971 — CVSS 5.0 (medium): Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain…
CVE-2013-1652 — CVSS 4.9 (medium): Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote…
CVE-2017-2293 — CVSS 4.9 (medium): Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to…
CVE-2021-27022 — CVSS 4.9 (medium): A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being…
CVE-2015-7328 — CVSS 4.7 (medium): Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private…
CVE-2014-3251 — CVSS 4.4 (medium): The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new…
CVE-2012-1054 — CVSS 4.4 (medium): Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a…
CVE-2023-5255 — CVSS 4.4 (medium): For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.
CVE-2021-27026 — CVSS 4.4 (medium): A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged
CVE-2012-0891 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before…
CVE-2012-3867 — CVSS 4.3 (medium): lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not…
CVE-2012-3864 — CVSS 4.0 (medium): Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files…
CVE-2012-5158 — CVSS 4.0 (medium): Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote…
CVE-2013-2275 — CVSS 4.0 (medium): The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and…
CVE-2014-9355 — CVSS 4.0 (medium): Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by…
CVE-2012-1989 — CVSS 3.6 (low): telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite…
CVE-2013-4956 — CVSS 3.6 (low): Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x…
CVE-2012-3865 — CVSS 3.5 (low): Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise…
CVE-2012-1987 — CVSS 3.5 (low): Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x…
CVE-2012-1906 — CVSS 3.3 (low): Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses…
CVE-2011-3872 — CVSS 2.6 (low): Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent…
CVE-2012-3408 — CVSS 2.6 (low): lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames…
CVE-2012-1986 — CVSS 2.1 (low): Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows…
CVE-2013-4959 — CVSS 2.1 (low): Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow…
CVE-2012-3866 — CVSS 2.1 (low): lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml…
CVE-2013-4969 — CVSS 2.1 (low): Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite…