pkg:RubyGems/puppet

23 total CVEsCRITICAL1MEDIUM4

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2016-2785Puppet Improper Access Control
    >= 4.0.0, < 4.4.2
  • MEDIUM6.5CVE-2021-27025Silent Configuration Failure in Puppet Agent
    >= 7.0.0, < 7.12.1
  • MEDIUM6.5CVE-2021-27023Unsafe HTTP Redirect in Puppet Agent and Puppet Server
    >= 7.0.0, < 7.12.1
  • MEDIUM6.5CVE-2020-7942Improper Certificate Validation in Puppet
    >= 6.0.0, < 6.13.0
  • MEDIUM5.5CVE-2017-10689Tarball permission preservation in puppet
    from 0, < 4.10.10
  • CVE-2011-0528Puppet does not properly restrict access to node resources
    >= 2.6.0, < 2.6.4
  • CVE-2011-3871Puppet uses predictable filenames, allowing arbitrary file overwrite
    >= 2.7.0, < 2.7.5
  • CVE-2011-3869Puppet arbitrary file overwrite
    >= 2.7.0, < 2.7.5
  • CVE-2011-3870Puppet allows local users to modify the permissions of arbitrary files
    >= 2.7.0, < 2.7.5
  • CVE-2012-1906puppet - several
    >= 2.6, < 2.6.15
  • CVE-2012-1988Puppet Arbitrary Command Execution
    >= 2.6.0, < 2.6.15
  • CVE-2012-1987Puppet Denial of Service and Arbitrary File Write
    >= 2.6.0, < 2.6.15
  • CVE-2012-1053puppet - several
    >= 2.6, < 2.6.14
  • CVE-2010-0156Puppet arbitrary files overwrite via a symlink attack
    >= 0.24.0, < 0.24.9
  • CVE-2012-1989Puppet allows local users to overwrite arbitrary files via a symlink attack
    >= 2.7.1, < 2.7.13
  • CVE-2012-3408Puppet supports use of IP addresses in certnames without warning of potential risks
    from 0, < 2.7.18
  • CVE-2013-4761puppet - several
    >= 2.7.0, < 2.7.23
  • CVE-2013-3567puppet - code execution
    >= 2.7.0, < 2.7.22
  • CVE-2012-3866Puppet allows local users to obtain sensitive configuration information
    >= 2.7.0, < 2.7.18
  • CVE-2012-3865Puppet vulnerable to Path Traversal
    from 0, < 2.6.17
  • CVE-2012-3867Pupper does not properly restrict characters in Common Name field of Certificate Signing Request
    from 0, < 2.6.17
  • CVE-2013-1655Puppet Improper Input Validation vulnerability
    >= 2.7.0, < 2.7.21
  • CVE-2014-3248facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability
    from 0, < 2.7.26