VYPR

Puppet Server

by Puppet (software)

CVEs (7)

  • CVE-2016-2785 (Critical) – Jun 10, 2016
    risk 0.57, CVSS 9.8, EPSS 0.03

    Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.

  • CVE-2017-2295 (High) – Jul 5, 2017
    risk 0.53, CVSS 8.2, EPSS 0.02

    Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with an attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change…

  • CVE-2015-7328 (Medium) – Jan 8, 2016
    risk 0.31, CVSS 4.7, EPSS 0.00

    Puppet Server in Puppet Enterprise 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to…

  • CVE-2020-7943 – Mar 11, 2020
    risk 0.05, CVSS not listed, EPSS 0.08

    Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as…

  • CVE-2023-5255 – Oct 3, 2023
    risk 0.00, CVSS not listed, EPSS 0.00

    For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.

  • CVE-2023-1894 – May 4, 2023
    risk 0.00, CVSS not listed, EPSS 0.00

    A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.

  • CVE-2014-7170 – Dec 17, 2014
    risk 0.00, CVSS not listed, EPSS 0.00

    Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.