Vulnerabilities in Puppet
37 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2017-2295 | — | Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with an attacker-specified | 2.4% |
| CVE-2017-2292 | — | Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code e | 2.2% |
| CVE-2022-3275 | HIGH | Puppetlabs-apt Command Injection | 2.1% |
| CVE-2016-5713 | — | Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables th | 2.0% |
| CVE-2018-6512 | — | The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases ar | 1.9% |
| CVE-2018-6508 | — | Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the fa | 1.9% |
| CVE-2016-5716 | — | The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code ex | 1.8% |
| CVE-2022-3276 | HIGH | Puppetlabs-mysql Command Injection | 1.6% |
| CVE-2017-2298 | — | The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. | 1.5% |
| CVE-2018-11746 | HIGH | Puppet Discovery can leak authentication information | 1.4% |
| CVE-2016-9686 | — | The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Brok | 1.3% |
| CVE-2017-2290 | — | On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will | 1.2% |
| CVE-2017-2294 | — | Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in | 1.2% |
| CVE-2018-6513 | — | Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, P | 1.1% |
| CVE-2023-2530 | — | A privilege escalation allowing remote code execution was discovered in the orchestration service. | 1.1% |
| CVE-2017-10690 | — | In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retri | 1.0% |
| CVE-2017-2296 | — | In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group na | 0.9% |
| CVE-2018-6517 | — | Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's kno | 0.9% |
| CVE-2022-0675 | MEDIUM | Puppet Firewall Module May Leave Unmanaged Rules | 0.9% |
| CVE-2017-2299 | — | Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify | 0.8% |