Puppet Enterprise
Source repositories
CVEs (85)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5715 | Med | 0.40 | 6.1 | 0.01 | Jan 12, 2017 | Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: this… | ||
| CVE-2015-6501 | Med | 0.40 | 6.1 | 0.01 | Jan 12, 2017 | Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter. | ||
| CVE-2018-6511 | Med | 0.35 | 5.4 | 0.01 | May 8, 2018 | A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. | ||
| CVE-2018-6510 | Med | 0.35 | 5.4 | 0.01 | May 8, 2018 | A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. | ||
| CVE-2016-9686 | Med | 0.35 | 5.3 | 0.01 | Feb 8, 2017 | The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2. | ||
| CVE-2016-2787 | Med | 0.34 | 5.3 | 0.01 | Feb 13, 2017 | The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors. | ||
| CVE-2017-2293 | Med | 0.32 | 4.9 | 0.01 | Feb 1, 2018 | Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who… | ||
| CVE-2015-7328 | Med | 0.31 | 4.7 | 0.00 | Jan 8, 2016 | Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to… | ||
| CVE-2017-10689 | Med | 0.29 | 5.5 | 0.00 | Feb 9, 2018 | In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. | ||
| CVE-2020-7943 | 0.05 | — | 0.08 | Mar 11, 2020 | Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as… | |||
| CVE-2025-5459 | 0.00 | — | 0.00 | Jun 26, 2025 | A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and… | |||
| CVE-2023-5309 | 0.00 | — | 0.01 | Nov 7, 2023 | Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. | |||
| CVE-2023-5255 | 0.00 | — | 0.00 | Oct 3, 2023 | For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. | |||
| CVE-2023-2530 | 0.00 | — | 0.01 | Jun 7, 2023 | A privilege escalation allowing remote code execution was discovered in the orchestration service. | |||
| CVE-2023-1894 | 0.00 | — | 0.00 | May 4, 2023 | A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. | |||
| CVE-2021-27026 | 0.00 | — | 0.00 | Nov 18, 2021 | A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged | |||
| CVE-2021-27020 | 0.00 | — | 0.01 | Aug 30, 2021 | Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. | |||
| CVE-2015-5686 | 0.00 | — | 0.00 | Feb 27, 2020 | Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session. | |||
| CVE-2019-10694 | 0.00 | — | 0.01 | Dec 11, 2019 | The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise… | |||
| CVE-2013-4968 | 0.00 | — | 0.01 | Dec 11, 2019 | Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management." |
- risk 0.40cvss 6.1epss 0.01
Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: this…
- risk 0.40cvss 6.1epss 0.01
Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter.
- risk 0.35cvss 5.4epss 0.01
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
- risk 0.35cvss 5.4epss 0.01
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
- risk 0.35cvss 5.3epss 0.01
The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.
- risk 0.34cvss 5.3epss 0.01
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.
- risk 0.32cvss 4.9epss 0.01
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who…
- risk 0.31cvss 4.7epss 0.00
Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to…
- risk 0.29cvss 5.5epss 0.00
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
- CVE-2020-7943Mar 11, 2020risk 0.05cvss —epss 0.08
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as…
- CVE-2025-5459Jun 26, 2025risk 0.00cvss —epss 0.00
A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and…
- CVE-2023-5309Nov 7, 2023risk 0.00cvss —epss 0.01
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.
- CVE-2023-5255Oct 3, 2023risk 0.00cvss —epss 0.00
For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.
- CVE-2023-2530Jun 7, 2023risk 0.00cvss —epss 0.01
A privilege escalation allowing remote code execution was discovered in the orchestration service.
- CVE-2023-1894May 4, 2023risk 0.00cvss —epss 0.00
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.
- CVE-2021-27026Nov 18, 2021risk 0.00cvss —epss 0.00
A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged
- CVE-2021-27020Aug 30, 2021risk 0.00cvss —epss 0.01
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.
- CVE-2015-5686Feb 27, 2020risk 0.00cvss —epss 0.00
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session.
- CVE-2019-10694Dec 11, 2019risk 0.00cvss —epss 0.01
The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise…
- CVE-2013-4968Dec 11, 2019risk 0.00cvss —epss 0.01
Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management."
Page 2 of 5