Puppet: >> Puppet Enterprise >> 2021.0.0 Security Vulnerabilities
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.
CVSS Score
6.8
EPSS Score
0.003
Published
2023-11-07
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
CVSS Score
9.8
EPSS Score
0.003
Published
2021-11-18
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-07-20