CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-27021
https://notcve.org/view.php?id=CVE-2021-27021
20 Jul 2021 — A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. Se ha detectado un fallo en Puppet DB, este fallo resulta en una escalada de privilegios que permite al usuario eliminar tablas por medio de una consulta SQL • https://puppet.com/security/cve/cve-2021-27021 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-1027: OWASP Top Ten 2017 Category A1 - Injection •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-10690 – puppet: Environment leakage in puppet-agent
https://notcve.org/view.php?id=CVE-2017-10690
09 Feb 2018 — In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4 En versiones anteriores de Puppet Agent, era posible que el agente recuperase hechos de un entorno para el que no estaba clasificado. Esto se solucionó en Puppet Agent 5.3.4, incluido en Puppet Enterprise 2017.3.4. Red Hat Satellite is a systems management tool for Linux-based infr... • https://access.redhat.com/errata/RHSA-2018:2927 • CWE-203: Observable Discrepancy CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-10689 – puppet: Unpacking of tarballs in tar/mini.rb can create files with insecure permissions
https://notcve.org/view.php?id=CVE-2017-10689
09 Feb 2018 — In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. En versiones anteriores de Puppet Agent, era posible instalar un módulo con permisos de modificación para cualquier usuario. Puppet Agent 5.3.4 y 1.10.10 incluían una solución para esta vulnerabilidad. Red Hat Satellite is a systems management tool for Linux-based infrastructure. • https://access.redhat.com/errata/RHSA-2018:2927 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3250
https://notcve.org/view.php?id=CVE-2014-3250
11 Dec 2017 — The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. El archivo de configuración vhost por defecto en Puppet en versiones anteriores a la 3.6.2 no incluye la directiva SSLCARevocationCheck. Esto podría permitir que atacantes remotos obtengan información sensible mediante un certificado revocado cuando un Puppet mas... • https://bugzilla.redhat.com/show_bug.cgi?id=1101347 • CWE-295: Improper Certificate Validation •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2295 – puppet: Unsafe YAML deserialization
https://notcve.org/view.php?id=CVE-2017-2295
05 Jun 2017 — Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML. Las versiones de Puppet anteriores a la 4.10.1 deserializarán datos "off the wire" (del agente al servidor, en este caso) con un formato especificado por el atacant... • http://www.debian.org/security/2017/dsa-3862 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.4EPSS: 0%CPEs: 15EXPL: 1CVE-2014-3248 – Gentoo Linux Security Advisory 201412-15
https://notcve.org/view.php?id=CVE-2014-3248
16 Nov 2014 — Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7)... • http://puppetlabs.com/security/cve/cve-2014-3248 • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 31%CPEs: 41EXPL: 0CVE-2013-3567 – puppet: remote code execution on master from unauthenticated clients
https://notcve.org/view.php?id=CVE-2013-3567
19 Jun 2013 — Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. Puppet 2.7.x anterior a 2.7.22 y 3.2.x anterior a 3.2.2, y Puppet Enterprise anterior a 2.8.2, deserializa YAML sin confianza, lo que permite a atacantes remotos la instanciación de clases de Ruby y ejecutar código arbitrario a través de una llamada RESTAPI manipulada. Pu... • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2013-2716
https://notcve.org/view.php?id=CVE-2013-2716
10 Apr 2013 — Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie. Puppet Labs Puppet Enterprise antes de v2.8.0 no utiliza un "secreto aleatorio" en el archivo de configuración de cliente de CAS (cas_client_config.yml) que al actualizarse desde versiones v1.2.x v2.0.x o, permite a atacantes remotos obtener acceso a l... • http://secunia.com/advisories/52862 • CWE-310: Cryptographic Issues •
CVSS: 4.9EPSS: 0%CPEs: 29EXPL: 0CVE-2013-1652 – Puppet: HTTP GET request catalog retrieval
https://notcve.org/view.php?id=CVE-2013-1652
20 Mar 2013 — Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors. Puppet anterior a v2.6.18, v2.7.x anterior a v2.7.21, y v3.1.x anterior a v3.1.1, y Puppet Enterprise anterior a v1.2.7 y v2.7.x anterior a v2.7.2 permite a usuarios remotos autenticados con un certificado válido y una clave privad... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 46EXPL: 0CVE-2013-2275 – Puppet: default auth.conf allows authenticated node to submit a report for any other node
https://notcve.org/view.php?id=CVE-2013-2275
20 Mar 2013 — The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors. La configuración por defecto para puppet masters v0.25.0 y posteriores en Puppet anterior a v2.6.18, v2.7.x anterior a v2.7.21 y v3.1.x anterior a 3.1.1, y Puppet Enterprise anterior a v1.2.7 y v2.7.x anterior a v2.7.2, permite ... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html •