Puppet

Puppet Enterprise

87 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2013-4971

  • EPSS 0.25%
  • Veröffentlicht 09.03.2014 13:16:56
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors.

6.4

CVE-2013-4966

  • EPSS 0.22%
  • Veröffentlicht 09.03.2014 13:16:56
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.

2.1

CVE-2013-4969

  • EPSS 0.05%
  • Veröffentlicht 07.01.2014 18:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

5

CVE-2013-4965

  • EPSS 0.81%
  • Veröffentlicht 25.10.2013 23:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack.

6.8

CVE-2013-4957

  • EPSS 0.43%
  • Veröffentlicht 25.10.2013 23:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.

5.1

CVE-2013-4761

  • EPSS 0.62%
  • Veröffentlicht 20.08.2013 22:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service....

5.8

CVE-2013-4762

  • EPSS 0.24%
  • Veröffentlicht 20.08.2013 22:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID.

5.8

CVE-2013-4955

  • EPSS 0.22%
  • Veröffentlicht 20.08.2013 22:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.

3.6

CVE-2013-4956

  • EPSS 0.11%
  • Veröffentlicht 20.08.2013 22:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were origi...

6.9

CVE-2013-4958

  • EPSS 0.04%
  • Veröffentlicht 20.08.2013 22:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation.