Puppet

Puppet

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4

CVE-2013-2275

  • EPSS 0.38%
  • Veröffentlicht 20.03.2013 16:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for oth...

6.5

CVE-2013-2274

  • EPSS 1.85%
  • Veröffentlicht 20.03.2013 16:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.

5

CVE-2013-1654

  • EPSS 0.51%
  • Veröffentlicht 20.03.2013 16:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessio...

7.1

CVE-2013-1653

  • EPSS 1.55%
  • Veröffentlicht 20.03.2013 16:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote ...

4.9

CVE-2013-1652

  • EPSS 0.31%
  • Veröffentlicht 20.03.2013 16:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's ...

9

CVE-2013-1640

  • EPSS 1.95%
  • Veröffentlicht 20.03.2013 16:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbit...

4.3

CVE-2012-3867

Exploit
  • EPSS 1.42%
  • Veröffentlicht 06.08.2012 16:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it eas...

2.1

CVE-2012-3866

Exploit
  • EPSS 0.05%
  • Veröffentlicht 06.08.2012 16:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master...

3.5

CVE-2012-3865

Exploit
  • EPSS 2.15%
  • Veröffentlicht 06.08.2012 16:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on ...

4

CVE-2012-3864

Exploit
  • EPSS 0.31%
  • Veröffentlicht 06.08.2012 16:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.