Information on source package puppet

Available versions

| Release | Version |
| --- | --- |
| jessie | 3.7.2-4+deb8u1 |
| stretch | 4.8.2-5 |
| buster | 5.5.10-4 |
| bullseye | 5.5.22-2 |

Open issues

| Bug | jessie | stretch | buster | bullseye | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2021-27025 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | A flaw was discovered in Puppet Agent where the agent may silently ign ... |
| CVE-2021-27023 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | A flaw was discovered in Puppet Agent and Puppet Server that may resul ... |
| CVE-2017-10689 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | In previous versions of Puppet Agent it was possible to install a modu ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-7942 | vulnerable | vulnerable | vulnerable | vulnerable | Previously, Puppet operated on a model that a node with a valid certif ... |

Resolved issues

| Bug | Description |
| --- | --- |
| TEMP-0000000-B4B71F | Fix file indirectory injection |
| CVE-2023-5255 | For certificates that utilize the auto-renew feature in Puppet Server, ... |
| CVE-2023-2530 | A privilege escalation allowing remote code execution was discovered i ... |
| CVE-2023-1894 | A Regular Expression Denial of Service (ReDoS) issue was discovered in ... |
| CVE-2021-27022 | A flaw was discovered in bolt-server and ace where running a task with ... |
| CVE-2021-27020 | Puppet Enterprise presented a security risk by not sanitizing user inp ... |
| CVE-2021-27017 | |
| CVE-2020-7943 | Puppet Server and PuppetDB provide useful performance and debugging in ... |
| CVE-2018-11751 | Previous versions of Puppet Agent didn't verify the peer in the SSL co ... |
| CVE-2018-11749 | When users are configured to use startTLS with RBAC LDAP, at login tim ... |
| CVE-2018-6516 | On Windows only, with a specifically crafted configuration file an att ... |
| CVE-2018-6515 | Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3. ... |
| CVE-2018-6513 | Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017. ... |
| CVE-2018-6512 | The previous version of Puppet Enterprise 2018.1 is vulnerable to unsa ... |
| CVE-2018-6511 | A cross-site scripting vulnerability in Puppet Enterprise Console of P ... |
| CVE-2018-6510 | A cross-site scripting vulnerability in Puppet Enterprise Console of P ... |
| CVE-2017-10690 | In previous versions of Puppet Agent it was possible for the agent to ... |
| CVE-2017-2297 | Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not corr ... |
| CVE-2017-2296 | In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted ... |
| CVE-2017-2295 | Versions of Puppet prior to 4.10.1 will deserialize data off the wire ... |
| CVE-2017-2294 | Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to ... |
| CVE-2017-2293 | Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped wi ... |
| CVE-2016-9686 | The Puppet Communications Protocol (PCP) Broker incorrectly validates ... |
| CVE-2016-5716 | The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 i ... |
| CVE-2016-5715 | Open redirect vulnerability in the Console in Puppet Enterprise 2015.x ... |
| CVE-2016-5714 | Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agen ... |
| CVE-2016-5713 | Versions of Puppet Agent prior to 1.6.0 included a version of the Pupp ... |
| CVE-2016-2787 | The Puppet Communications Protocol in Puppet Enterprise 2015.3.x befor ... |
| CVE-2016-2786 | The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 ... |
| CVE-2016-2785 | Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before ... |
| CVE-2015-7331 | The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows re ... |
| CVE-2015-7328 | Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015. ... |
| CVE-2015-6501 | Open redirect vulnerability in the Console in Puppet Enterprise before ... |
| CVE-2015-4100 | Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated use ... |
| CVE-2014-9355 | Puppet Enterprise before 3.7.1 allows remote authenticated users to ob ... |
| CVE-2014-3250 | The default vhost configuration file in Puppet before 3.6.2 does not i ... |
| CVE-2014-3249 | Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain ... |
| CVE-2014-3248 | Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2. ... |
| CVE-2013-4971 | Puppet Enterprise before 3.2.0 does not properly restrict access to no ... |
| CVE-2013-4969 | Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) be ... |
| CVE-2013-4968 | Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct ... |
| CVE-2013-4967 | Puppet Enterprise before 3.0.1 allows remote attackers to obtain the d ... |
| CVE-2013-4966 | The master external node classification script in Puppet Enterprise be ... |
| CVE-2013-4965 | Puppet Enterprise before 3.1.0 does not properly restrict the number o ... |
| CVE-2013-4964 | Puppet Enterprise before 3.0.1 does not set the secure flag for the se ... |
| CVE-2013-4963 | Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet E ... |
| CVE-2013-4962 | The reset password page in Puppet Enterprise before 3.0.1 does not for ... |
| CVE-2013-4961 | Puppet Enterprise before 3.0.1 includes version information for the Ap ... |
| CVE-2013-4959 | Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensit ... |
| CVE-2013-4958 | Puppet Enterprise before 3.0.1 does not use a session timeout, which m ... |
| CVE-2013-4956 | Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3. ... |
| CVE-2013-4955 | Open redirect vulnerability in the login page in Puppet Enterprise bef ... |
| CVE-2013-4762 | Puppet Enterprise before 3.0.1 does not sufficiently invalidate a sess ... |
| CVE-2013-4761 | Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x befo ... |
| CVE-2013-4073 | The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/s ... |
| CVE-2013-3567 | Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterpri ... |
| CVE-2013-2275 | The default configuration for puppet masters 0.25.0 and later in Puppe ... |
| CVE-2013-2274 | Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 al ... |
| CVE-2013-1655 | Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1 ... |
| CVE-2013-1654 | Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterpri ... |
| CVE-2013-1653 | Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and ... |
| CVE-2013-1652 | Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and ... |
| CVE-2013-1640 | The (1) template and (2) inline_template functions in the master serve ... |
| CVE-2013-1399 | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ... |
| CVE-2013-1398 | The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does ... |
| CVE-2012-6120 | Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directo ... |
| CVE-2012-5158 | Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessi ... |
| CVE-2012-3867 | lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2. ... |
| CVE-2012-3866 | lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enter ... |
| CVE-2012-3865 | Directory traversal vulnerability in lib/puppet/reports/store.rb in Pu ... |
| CVE-2012-3864 | Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise be ... |
| CVE-2012-3408 | lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet En ... |
| CVE-2012-1989 | telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2 ... |
| CVE-2012-1988 | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterpr ... |
| CVE-2012-1987 | Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x befo ... |
| CVE-2012-1986 | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterpr ... |
| CVE-2012-1906 | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterpr ... |
| CVE-2012-1054 | Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterpr ... |
| CVE-2012-1053 | The change_user method in the SUIDManager (lib/puppet/util/suidmanager ... |
| CVE-2011-3872 | Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterpri ... |
| CVE-2011-3871 | Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when runni ... |
| CVE-2011-3870 | Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows loca ... |
| CVE-2011-3869 | Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows loca ... |
| CVE-2011-3848 | Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2. ... |
| CVE-2011-0528 | Puppet 2.6.0 through 2.6.3 does not properly restrict access to node r ... |
| CVE-2010-0156 | Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local user ... |
| CVE-2009-3564 | puppetmasterd in puppet 0.24.6 does not reset supplementary groups whe ... |

Security announcements

| DSA / DLA | Description |
| --- | --- |
| DLA-1012-1 | puppet - security update |
| DSA-3862-1 | puppet - security update |
| DLA-29-1 | puppet - security update |
| DSA-2831-1 | puppet - insecure temporary files |
| DSA-2761-1 | puppet - several |
| DSA-2715-1 | puppet - code execution |
| DSA-2643-1 | puppet - several issues |
| DSA-2511-1 | puppet - several |
| DSA-2451-1 | puppet - several |
| DSA-2419-1 | puppet - several |
| DSA-2352-1 | puppet - programming error |
| DSA-2314-1 | puppet - several |
