puppet 0.25.1
Puppet Improper Access Control
critical severity CVE-2016-2785>= 4.4.2
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
Unauthenticated Remote Code Execution Vulnerability
high severity CVE-2013-3567~> 2.7.22
, >= 3.2.2
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Silent Configuration Failure in Puppet Agent
medium severity CVE-2021-27025~> 6.25.1
, >= 7.12.1
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
medium severity CVE-2021-27023~> 6.25.1
, >= 7.12.1
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
Improper Certificate Validation in Puppet
medium severity CVE-2020-7942~> 5.5.19
, >= 6.13.0
Previously, Puppet operated on a model that a node with a valid certificate
was entitled to all information in the system and that a compromised certificate
allowed access to everything in the infrastructure. When a node's catalog falls
back to the default
node, the catalog can be retrieved for a different node by
modifying facts for the Puppet run. This issue can be mitigated by setting
strict_hostname_checking = true
in puppet.conf
on your Puppet master. Puppet
6.13.0 changes the default behavior for strict_hostname_checking from false to
true. It is recommended that Puppet Open Source and Puppet Enterprise users that
are not upgrading still set strict_hostname_checking
to true
to ensure secure
behavior.
Tarball permission preservation in puppet
medium severity CVE-2017-10689~> 4.10.10
, >= 5.3.4
When installing a module using the system tar, the PMT will filter filesystem permissions to a sane value. This may just be based on the user's umask.
When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions.
Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet
medium severity CVE-2014-3248~> 2.7.26
, >= 3.6.2
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
Insufficient input validation
medium severity CVE-2012-3867~> 2.6.17
, >= 2.7.18
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.
Arbitrary file delete/D.O.S on Puppet Master
medium severity CVE-2012-3865~> 2.6.17
, >= 2.7.18
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.
Puppet uses predictable filenames, allowing arbitrary file overwrite
medium severity CVE-2011-3871~> 2.6.11
, >= 2.7.5
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x,
when running in --edit
mode, uses a predictable file name, which
allows local users to run arbitrary Puppet code or trick a user
into editing arbitrary files.
Puppet allows local users to modify the permissions of arbitrary files
medium severity CVE-2011-3870~> 2.6.11
, >= 2.7.5
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.
Puppet arbitrary file overwrite
medium severity CVE-2011-3869~> 2.6.11
, >= 2.7.5
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.
Agent Imprersonation in Puppet
low severity CVE-2012-3408>= 2.7.18
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.
Puppet arbitrary files overwrite via a symlink attack
low severity CVE-2010-0156~> 0.24.9
, >= 0.25.2
< 0.24.0
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
Gem version without a license.
Unless a license that specifies otherwise is included, nobody can use, copy, distribute, or modify this library without being at risk of take-downs, shake-downs, or litigation.
This gem version is available.
This gem version has not been yanked and is still available for usage.