
CVE-2020-7943 – puppet: puppet server and puppetDB may leak sensitive information via metrics API
https://notcve.org/view.php?id=CVE-2020-7943
11 Mar 2020 — Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and on... • https://puppet.com/security/cve/CVE-2020-7943 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions •

CVE-2015-5686
https://notcve.org/view.php?id=CVE-2015-5686
27 Feb 2020 — Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session. • https://puppet.com/security/cve/CVE-2015-5686 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVE-2020-7942 – puppet: Arbitrary catalog retrieval
https://notcve.org/view.php?id=CVE-2020-7942
19 Feb 2020 — Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 and 5.5.19 changes the default ... • https://puppet.com/security/cve/CVE-2020-7942 • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •

CVE-2018-11751 – puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL
https://notcve.org/view.php?id=CVE-2018-11751
16 Dec 2019 — Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0. A flaw was found in Puppet, where the Puppet Agent did not verify the peer in the SSL connection before downloading the Certificate Revocation List (CRL). • https://puppet.com/security/cve/CVE-2018-11751 • CWE-295: Improper Certificate Validation CWE-862: Missing Authorization •

CVE-2014-0175
https://notcve.org/view.php?id=CVE-2014-0175
13 Dec 2019 — mcollective has a default password set at install. • https://access.redhat.com/security/cve/cve-2014-0175 • CWE-798: Use of Hard-coded Credentials •

CVE-2019-10695
https://notcve.org/view.php?id=CVE-2019-10695
11 Dec 2019 — When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module. • https://puppet.com/security/cve/CVE-2019-10695 • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2019-10694
https://notcve.org/view.php?id=CVE-2019-10694
11 Dec 2019 — The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9. • https://puppet.com/security/cve/CVE-2019-10694 • CWE-798: Use of Hard-coded Credentials •

CVE-2013-4968
https://notcve.org/view.php?id=CVE-2013-4968
11 Dec 2019 — Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management." • http://puppetlabs.com/security/cve/cve-2013-4968 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-11747
https://notcve.org/view.php?id=CVE-2018-11747
17 Mar 2019 — Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress. • https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E • CWE-295: Improper Certificate Validation •

CVE-2018-6517
https://notcve.org/view.php?id=CVE-2018-6517
17 Mar 2019 — Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride. • https://puppet.com/security/cve/CVE-2018-6517 • CWE-295: Improper Certificate Validation •