Puppetlabs

Puppet

30 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2012-1987

  • EPSS 0.74%
  • Published 29.05.2012 20:55:07
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (m...

2.1

CVE-2012-1986

  • EPSS 0.37%
  • Published 29.05.2012 20:55:07
  • Last modified 11.04.2025 00:51:21

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbi...

3.3

CVE-2012-1906

  • EPSS 0.06%
  • Published 29.05.2012 20:55:07
  • Last modified 11.04.2025 00:51:21

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwr...

4.4

CVE-2012-1054

  • EPSS 0.07%
  • Published 29.05.2012 20:55:07
  • Last modified 11.04.2025 00:51:21

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k...

6.9

CVE-2012-1053

  • EPSS 0.04%
  • Published 29.05.2012 20:55:07
  • Last modified 11.04.2025 00:51:21

The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which al...

5

CVE-2011-3848

  • EPSS 0.43%
  • Published 27.10.2011 20:55:01
  • Last modified 11.04.2025 00:51:21

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the...

2.6

CVE-2011-3872

  • EPSS 2.78%
  • Published 27.10.2011 20:55:01
  • Last modified 11.04.2025 00:51:21

Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the cer...

6.2

CVE-2011-3871

  • EPSS 0.04%
  • Published 27.10.2011 20:55:01
  • Last modified 11.04.2025 00:51:21

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.

6.3

CVE-2011-3870

  • EPSS 0.03%
  • Published 27.10.2011 20:55:01
  • Last modified 11.04.2025 00:51:21

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.

6.3

CVE-2011-3869

  • EPSS 0.04%
  • Published 27.10.2011 20:55:01
  • Last modified 11.04.2025 00:51:21

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.