Puppet

Puppet Enterprise

87 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2013-4971

  • EPSS 0.25%
  • Published 09.03.2014 13:16:56
  • Last modified 12.04.2025 10:46:40

Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors.

6.4

CVE-2013-4966

  • EPSS 0.22%
  • Published 09.03.2014 13:16:56
  • Last modified 12.04.2025 10:46:40

The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.

2.1

CVE-2013-4969

  • EPSS 0.05%
  • Published 07.01.2014 18:55:06
  • Last modified 11.04.2025 00:51:21

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

5

CVE-2013-4965

  • EPSS 0.81%
  • Published 25.10.2013 23:55:04
  • Last modified 11.04.2025 00:51:21

Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack.

6.8

CVE-2013-4957

  • EPSS 0.43%
  • Published 25.10.2013 23:55:04
  • Last modified 11.04.2025 00:51:21

The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.

5.1

CVE-2013-4761

  • EPSS 0.62%
  • Published 20.08.2013 22:55:04
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service....

5.8

CVE-2013-4762

  • EPSS 0.24%
  • Published 20.08.2013 22:55:04
  • Last modified 11.04.2025 00:51:21

Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID.

5.8

CVE-2013-4955

  • EPSS 0.22%
  • Published 20.08.2013 22:55:04
  • Last modified 11.04.2025 00:51:21

Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.

3.6

CVE-2013-4956

  • EPSS 0.11%
  • Published 20.08.2013 22:55:04
  • Last modified 11.04.2025 00:51:21

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were origi...

6.9

CVE-2013-4958

  • EPSS 0.04%
  • Published 20.08.2013 22:55:04
  • Last modified 11.04.2025 00:51:21

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation.