CVE-2024-9160 – Security Misconfiguration in Forge module PEADM
https://notcve.org/view.php?id=CVE-2024-9160
In versions of the PEADM Forge Module prior to 3.24.0, a security misconfiguration was discovered. • https://portal.perforce.com/s/detail/a91PA000001SXN3YAO • CWE-295: Improper Certificate Validation •
CVE-2023-5309 – Broken Session Management in Puppet Enterprise
https://notcve.org/view.php?id=CVE-2023-5309
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. • https://www.puppet.com/security/cve/cve-2023-5309-broken-session-management-puppet-enterprise • CWE-384: Session Fixation •
CVE-2023-5214 – Privilege Escalation in Puppet Bolt
https://notcve.org/view.php?id=CVE-2023-5214
In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. • https://www.puppet.com/security/cve/cve-2023-5214-privilege-escalation-puppet-bolt • CWE-269: Improper Privilege Management •
CVE-2023-5255 – Denial of Service for Revocation of Auto Renewed Certificates
https://notcve.org/view.php?id=CVE-2023-5255
For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. • https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates • CWE-404: Improper Resource Shutdown or Release •
CVE-2023-2530
https://notcve.org/view.php?id=CVE-2023-2530
A privilege escalation allowing remote code execution was discovered in the orchestration service. • https://www.puppet.com/security/cve/cve-2023-2530-remote-code-execution-orchestrator •