CVE-2025-5459

>= 2018.1.8 and < 2023.8.4

A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as r

8.8HIGH

CVE-2023-5309

< 2021.7.6

Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML imp

6.8MEDIUM

CVE-2023-5255

all versions

For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being re

4.4MEDIUM

CVE-2023-2530

>= 2021.7.0 and <= 2021.7.3

A privilege escalation allowing remote code execution was discovered in the orchestration service.

9.8CRITICAL

CVE-2023-1894

all versions

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue relate

5.3MEDIUM

CVE-2021-27026

< 2019.8.9

A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged

4.4MEDIUM

CVE-2021-27025

< 2019.8.9

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Serv

6.5MEDIUM

CVE-2021-27023

< 2019.8.9

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirect

9.8CRITICAL

CVE-2021-27022

< 2019.8.8

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters

4.9MEDIUM

CVE-2021-27020

< 2019.8.6

Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.

8.8HIGH

CVE-2021-27019

< 2019.8.6

PuppetDB logging included potentially sensitive system information.

4.3MEDIUM

CVE-2021-27021

< 2019.8.7

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an

8.8HIGH

CVE-2020-7943

>= 2018.1.0 and < 2018.1.15

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this

7.5HIGH

CVE-2015-5686

>= 3.0.0 and < 2015.2.0

Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) atta

8.8HIGH

CVE-2019-10694

>= 2018.1.0 and < 2018.1.9

The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to se

9.8CRITICAL

CVE-2013-4968

>= 2.0.0 and < 3.0.1

Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the

6.1MEDIUM

CVE-2015-1855

>= 3.0.0 and < 3.8.0

verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2

5.9MEDIUM

CVE-2018-11749

<= 2016.4.14

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP

9.8CRITICAL

CVE-2018-6513

>= 2016.4.0 and < 2016.4.12

Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2

8.8HIGH

CVE-2018-6512

>= 2018.1.0 and < 2018.1.1

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected r

9.8CRITICAL

CVE-2018-6511

< 2017.3.6

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Pu

5.4MEDIUM

CVE-2018-6510

< 2017.3.6

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Pu

5.4MEDIUM

CVE-2018-6508

>= 2017.3.0 and <= 2017.3.2

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed i

8.0HIGH

CVE-2017-10690

< 2017.3.4

In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classifie

6.5MEDIUM

CVE-2017-10689

< 2016.4.10

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1

5.5MEDIUM

CVE-2017-2297

< 2016.4.5

Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC acces

7.5HIGH

CVE-2017-2296

all versions

In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier nod

6.5MEDIUM

CVE-2017-2293

< 2016.4.5

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plu

4.9MEDIUM

CVE-2015-4100

>= 3.7.0 and <= 3.7.2

Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging

6.8MEDIUM

CVE-2015-8470

>= 3.7.0 and <= 3.7.2

The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS ses

6.5MEDIUM

CVE-2015-6502

< 2015.2.1

Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arb

6.1MEDIUM

CVE-2016-5714

all versions

Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a hos

7.2HIGH

CVE-2016-5716

all versions

The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remo

8.8HIGH

CVE-2017-7529

< 2016.4.7

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter modul

7.5HIGH

CVE-2017-2294

<= 2016.4.3

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature

7.5HIGH

CVE-2016-2788

>= 3.8.0 and < 3.8.6

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vect

9.8CRITICAL

CVE-2016-2787

all versions

The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the b

5.3MEDIUM

CVE-2016-9686

>= 2016.4.0 and < 2016.4.3

The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash th

5.3MEDIUM

CVE-2016-5715

>= 2015.2.0 and <= 2015.3.3

Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redir

6.1MEDIUM

CVE-2015-6501

<= 2015.2.0

Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbit

6.1MEDIUM

CVE-2016-2786

all versions

The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly valida

9.8CRITICAL

CVE-2015-7330

all versions

Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the

8.8HIGH

CVE-2015-7328

all versions

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the

4.7MEDIUM

CVE-2014-9355

<= 3.7.0

Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information b

CVE-2014-3248

>= 2.8.0 and < 2.8.7

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x

CVE-2014-3251

<= 3.2.0

The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly val

CVE-2014-3249

all versions

Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhi

CVE-2013-4963

<= 3.0.0

Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack

CVE-2013-1399

<= 2.7.0

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user a

CVE-2013-1398

<= 2.7.0

The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL key

CVE-2012-5158

<= 2.6.0

Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote

CVE-2012-0891

all versions

Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x b

CVE-2013-4971

<= 3.1.1

Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers t

CVE-2013-4966

<= 3.1.1

The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which a

CVE-2013-4969

>= 2.0.0 and < 2.8.4

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwr

CVE-2013-4965

<= 3.0.1

Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes

CVE-2013-4957

<= 3.0.0

The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specif

CVE-2013-4967

<= 3.0.0

Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is

CVE-2013-4964

<= 3.0.0

Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for

CVE-2013-4962

<= 3.0.0

The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to

CVE-2013-4961

<= 3.0.0

Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response hea

CVE-2013-4959

<= 3.0.0

Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might

CVE-2013-4958

<= 3.0.0

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveragin

CVE-2013-4956

all versions

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 a

CVE-2013-4955

<= 3.0.0

Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbit

CVE-2013-4762

<= 3.0.0

Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers

CVE-2013-4761

all versions

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x

CVE-2013-3567

<= 2.8.1

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows r

CVE-2013-2716

<= 2.7.2

Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml

CVE-2013-2275

all versions

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1

CVE-2013-2274

all versions

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on

CVE-2013-1655

all versions

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary

CVE-2013-1654

all versions

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL p

CVE-2013-1653

all versions

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when

CVE-2013-1652

all versions

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allow

CVE-2013-1640

< 1.2.7

The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x be

CVE-2012-3867

<= 2.5.1

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does

CVE-2012-3866

<= 2.5.1

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_repor

CVE-2012-3865

<= 2.5.1

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enter

CVE-2012-3864

<= 2.5.1

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitr

CVE-2012-3408

< 2.5.2

lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certn

CVE-2012-1989

all versions

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to over

CVE-2012-1988

>= 1.2.0 and < 2.5.1

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.

CVE-2012-1987

>= 1.0 and < 2.5.1

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x,

CVE-2012-1986

all versions

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.

CVE-2012-1906

all versions

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.

CVE-2012-1054

all versions

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when man

CVE-2012-1053

all versions

The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11,

CVE-2011-3872

all versions

Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing a