puppet
Latest CVEs
The 15 most recently published vulnerabilities affecting puppet.
- CVE-2025-5459: OS Command Injection (score 8.8)
- CVE-2023-5309: Broken Session Management in Puppet Enterprise (score 6.8)
- CVE-2023-5214: Privilege Escalation in Puppet Bolt (score 6.5)
- CVE-2023-5255: Denial of Service for Revocation of Auto Renewed Certificates (score 4.4)
- CVE-2023-2530: A privilege escalation allowing remote code execution was discovered in the orchestration service. (score 9.8)
- CVE-2023-1894: A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed do... (score 5.3)
- CVE-2022-3276: Puppetlabs-mysql Command Injection (score 8.4)
- CVE-2022-3275: Puppetlabs-apt Command Injection (score 8.4)
- CVE-2022-2394: Sensitive Parameter Exposure in Puppet Bolt prior to 3.24 (score 4.1)
- CVE-2022-0675: Puppet Firewall Module May Leave Unmanaged Rules (score 5.6)
- CVE-2021-27023: A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 (score 9.8)
- CVE-2021-27025: A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. (score 6.5)
- CVE-2021-27026: A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged (score 4.4)
- CVE-2021-27024: A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in... (score 8.1)
- CVE-2021-27022: A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/W... (score 4.9)