Perforce Puppet Enterprise
3 CVEs affecting Perforce Puppet Enterprise. Latest disclosed: 2026-07-03. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-5459 | High | 8.8 | 2025-06-26 | A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It a… |
CVE-2026-8804 | | 2026-07-03 | Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does not preserve the sensitive flag on parameters defined via the r… | |
CVE-2025-10360 | | 2025-09-24 | In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the fil… |