Puppet Puppet_agent
4 CVEs affecting Puppet Puppet_agent. Latest disclosed: 2017-12-06. Critical: 3, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-5713 | Critical | 9.8 | 2017-12-06 | Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet run… |
CVE-2016-2786 | Critical | 9.8 | 2016-06-10 | The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which… |
CVE-2016-2785 | Critical | 9.8 | 2016-06-10 | Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended au… |
CVE-2016-5714 | High | 7.2 | 2017-10-18 | Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechan… |