Every CVE whose affected-product data names Puppet Puppet Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-27023 — CVSS 9.8 (critical): A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a…
CVE-2016-2785 — CVSS 9.8 (critical): Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers…
CVE-2020-7943 — CVSS 7.5 (high): Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may…
CVE-2018-11751 — CVSS 5.4 (medium): Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in…
CVE-2023-1894 — CVSS 5.3 (medium): A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to…
CVE-2023-5255 — CVSS 4.4 (medium): For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.
CVE-2014-7170 — CVSS 1.9 (low): Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or…