puppet vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2011-3871Mediumpuppet: Puppet uses predictable filenames, allowing arbitrary file overwriteCVE-2011-0528Mediumpuppet: Puppet does not properly restrict access to node resourcesCVE-2011-3870Mediumpuppet: Puppet allows local users to modify the permissions of arbitrary filesCVE-2011-3869Mediumpuppet: Puppet arbitrary file overwriteCVE-2012-1987Lowpuppet: Puppet Denial of Service and Arbitrary File WriteCVE-2012-1906Mediumpuppet: Puppet uses predictable filenames, allowing arbitrary file overwriteCVE-2012-1988Mediumpuppet: Puppet Arbitrary Command ExecutionCVE-2012-1053Mediumpuppet: Puppet Privilege EscallationCVE-2017-10689Mediumpuppet: Tarball permission preservation in puppetCVE-2016-2785Criticalpuppet: Puppet Improper Access ControlCVE-2010-0156Lowpuppet: Puppet arbitrary files overwrite via a symlink attackCVE-2021-27025Mediumpuppet: Silent Configuration Failure in Puppet AgentCVE-2021-27023Mediumpuppet: Unsafe HTTP Redirect in Puppet Agent and Puppet ServerCVE-2020-7942Mediumpuppet: Improper Certificate Validation in PuppetCVE-2012-1989Lowpuppet: Puppet allows local users to overwrite arbitrary files via a symlink attackCVE-2012-3408Lowpuppet: Puppet supports use of IP addresses in certnames without warning of potential risksCVE-2012-3865Lowpuppet: Puppet vulnerable to Path TraversalCVE-2012-3866Lowpuppet: Puppet allows local users to obtain sensitive configuration informationCVE-2012-3867Mediumpuppet: Pupper does not properly restrict characters in Common Name field of Certificate Signing RequestCVE-2013-1655Highpuppet: Puppet Improper Input Validation vulnerabilityCVE-2013-3567Highpuppet: Puppet Improper Input Validation vulnerabilityCVE-2013-4761Mediumpuppet: Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type serviceCVE-2014-3248Mediumfacter: facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability

Stop the waste.
Protect your environment with Kodem.