Search CVE reports
21 – 30 of 80 results
CVE-2018-6508
Medium priorityPuppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected...
3 affected packages
puppet-module-puppetlabs-apache, puppet-module-puppetlabs-apt, puppet-module-puppetlabs-mysql
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet-module-puppetlabs-apache | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
puppet-module-puppetlabs-apt | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
puppet-module-puppetlabs-mysql | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2017-10690
Medium priorityIn previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4
1 affected package
puppet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet | — | — | — | — | Not affected |
CVE-2017-10689
Medium prioritySome fixes available 2 of 3
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
1 affected package
puppet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet | — | Not affected | Not affected | Not affected | Fixed |
CVE-2015-7224
Medium prioritypuppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.
1 affected package
puppet-module-puppetlabs-mysql
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet-module-puppetlabs-mysql | — | — | — | — | — |
CVE-2015-4100
Medium priorityPuppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
1 affected package
puppet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet | — | — | — | — | Not affected |
CVE-2014-3250
Low priorityThe default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master...
1 affected package
puppet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet | — | — | — | — | Not affected |
CVE-2016-5713
Low priorityVersions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first...
1 affected package
puppet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet | — | — | — | — | Not affected |
CVE-2016-5714
Medium priorityPuppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to...
1 affected package
puppet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet | — | — | — | — | Not affected |
CVE-2017-2299
Medium priorityVersions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be...
1 affected package
puppet-module-puppetlabs-apache
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet-module-puppetlabs-apache | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2017-2294
Low priorityVersions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the...
1 affected package
puppet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet | — | — | — | — | Not affected |