VYPR

rpm package

suse/puppet&distro=SUSE Linux Enterprise Module for Advanced Systems Management 12

pkg:rpm/suse/puppet&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012

Vulnerabilities (4)

  • CVE-2021-27023Nov 18, 2021
    affected < 3.8.5-15.18.1fixed 3.8.5-15.18.1

    A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

  • CVE-2020-7942Feb 19, 2020
    affected < 3.8.5-15.12.1fixed 3.8.5-15.12.1

    Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can

  • CVE-2017-10689MedFeb 9, 2018
    affected < 3.8.5-15.9.1fixed 3.8.5-15.9.1

    In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

  • CVE-2017-2295HigJul 5, 2017
    affected < 3.8.5-15.3.3fixed 3.8.5-15.3.3

    Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constr