Shodan
Vulnerabilities
Vulnerable Software
Puppet:  Security Vulnerabilities
CVE-2021-27024
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0
CVSS Score
8.1
EPSS Score
0.003
Published
2021-11-18
CVE-2021-27025
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-11-18
CVE-2021-27026
A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged
CVSS Score
4.4
EPSS Score
0.001
Published
2021-11-18
CVE-2021-27022
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).
CVSS Score
4.9
EPSS Score
0.003
Published
2021-09-07
CVE-2021-27018
The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-08-30
CVE-2021-27019
PuppetDB logging included potentially sensitive system information.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-08-30
CVE-2021-27020
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-08-30
CVE-2021-27021
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-07-20
CVE-2020-7945
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-09-18
CVE-2020-7944
In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.
CVSS Score
7.7
EPSS Score
0.004
Published
2020-03-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved