) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:puppet:puppet:3.7.0:*:*:*:enterprise:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2021-27021 |
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. Published: July 20, 2021; 7:15:11 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2017-10690 |
In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4 Published: February 09, 2018; 3:29:00 PM -0500 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2017-10689 |
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. Published: February 09, 2018; 3:29:00 PM -0500 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2017-2295 |
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML. Published: July 05, 2017; 11:29:00 AM -0400 |
V3.0: 8.2 HIGH V2.0: 6.0 MEDIUM |