Vulnerabilidades em Puppet

37 resultados

CVE-2018-6515—Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a speciEPSS 0.8%CVE-2018-6516—On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prEPSS 0.8%CVE-2018-6514—In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerabEPSS 0.8%CVE-2020-7942—Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromEPSS 0.8%CVE-2018-11749—When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. TEPSS 0.8%CVE-2018-11747—Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certifiEPSS 0.7%CVE-2017-2293—Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to insEPSS 0.7%CVE-2018-6511MEDIUMXSS Vulnerability in Puppet Enterprise ConsoleEPSS 0.6%CVE-2017-2297—Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. EPSS 0.6%CVE-2018-6510MEDIUMXSS Vulnerability in Puppet Enterprise ConsoleEPSS 0.5%CVE-2023-5309MEDIUMBroken Session Management in Puppet EnterpriseEPSS 0.5%CVE-2022-2394MEDIUMSensitive Parameter Exposure in Puppet Bolt prior to 3.24EPSS 0.4%CVE-2023-1894MEDIUMA Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to speciEPSS 0.4%CVE-2023-5255MEDIUMDenial of Service for Revocation of Auto Renewed CertificatesEPSS 0.4%CVE-2023-5214MEDIUMCVE-2023-5214 - Privilege Escalation in Puppet Bolt EPSS 0.4%CVE-2017-10689—In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 incEPSS 0.4%CVE-2024-9160MEDIUMSecurity Misconfiguration in Forge module PEADMEPSS 0.2%

← anteriorpágina 2 / 2próxima →