Puppet Puppet Agent
6 CVEs affecting Puppet Puppet Agent. Latest disclosed: 2020-02-19. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-5713 | Critical | 9.8 | 2017-12-06 | Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet run… |
CVE-2020-7942 | | 2020-02-19 | Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate al… | |
CVE-2018-6515 | | 2018-06-11 | Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted config… | |
CVE-2018-6514 | | 2018-06-11 | In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preload… | |
CVE-2017-10690 | | 2018-02-09 | In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was… | |
CVE-2017-10689 | | 2018-02-09 | In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this… |