Puppet — Vulnerabilities & Security Advisories 37

Browse all 37 CVE security advisories affecting Puppet. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Puppet is an open-source configuration management tool primarily used for automating infrastructure provisioning and maintaining system consistency across distributed environments. Its architecture, which relies on a master-agent model communicating over SSL, has historically exposed it to various security flaws. Recorded vulnerabilities include remote code execution, cross-site scripting, and privilege escalation issues, often stemming from improper input validation or insecure default configurations in its web interface and API endpoints. While the platform generally employs robust encryption for agent-master communication, past incidents have highlighted risks associated with outdated versions and misconfigured access controls. These weaknesses allow attackers to potentially gain unauthorized administrative access or execute arbitrary commands on managed nodes. Continuous patching and strict adherence to security best practices are essential for mitigating these risks, ensuring that the automation infrastructure remains resilient against exploitation attempts targeting its extensive attack surface.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-9160 | Security Misconfiguration in Forge module PEADM | PEADM Forge Module | CWE-295 | 9.1 (AI) | Critical (AI) | 2024-09-27 |
| CVE-2023-5309 | Broken Session Management in Puppet Enterprise | Puppet Enterprise | CWE-384 | 6.8 | Medium | 2023-11-07 |
| CVE-2023-5214 | CVE-2023-5214 - Privilege Escalation in Puppet Bolt | Bolt | CWE-269 | 6.5 | Medium | 2023-10-06 |
| CVE-2023-5255 | Denial of Service for Revocation of Auto Renewed Certificates | Puppet Enterprise | CWE-404 | 4.4 | Medium | 2023-10-03 |
| CVE-2023-2530 | Puppet security vulnerability | Puppet Enterprise | - | 8.8 | - | 2023-06-07 |
| CVE-2023-1894 | Puppet Server security vulnerability | Puppet Enterprise | - | 7.5 | - | 2023-05-04 |
| CVE-2022-3276 | Puppetlabs-mysql Command Injection | puppetlabs-mysql | CWE-78 | 8.4 | High | 2022-10-07 |
| CVE-2022-3275 | Puppetlabs-apt Command Injection | puppetlabs-apt | CWE-78 | 8.4 | High | 2022-10-07 |
| CVE-2022-2394 | Sensitive Parameter Exposure in Puppet Bolt prior to 3.24 | Bolt | CWE-200 | 4.1 | Medium | 2022-07-19 |
| CVE-2022-0675 | Puppet Firewall Module May Leave Unmanaged Rules | Firewall Module | CWE-1289 | 5.6 | Medium | 2022-03-02 |
| CVE-2020-7942 | Puppet trust management vulnerability | Puppet | - | 6.5 | - | 2020-02-19 |
| CVE-2018-11747 | Puppet Discovery trust management vulnerability | Puppet Discovery | - | 9.8 | - | 2019-03-17 |
| CVE-2018-6517 | chloride security vulnerability | Chloride | - | 7.5 | - | 2019-03-17 |
| CVE-2018-11749 | Puppet Enterprise information disclosure vulnerability | Puppet Enterprise | - | 8.8 | - | 2018-08-24 |
| CVE-2018-11746 | Puppet Discovery can leak authentication information | Puppet Discovery | - | 9.1 | - | 2018-07-03 |
| CVE-2018-6516 | PE client tools for Windows security vulnerability | pe-client-tools | - | 7.8 | - | 2018-06-14 |
| CVE-2018-6515 | Puppet Agent for Windows input validation vulnerability | Puppet Agent | - | 7.8 | - | 2018-06-11 |
| CVE-2018-6514 | Puppet Agent for Windows security vulnerability | Puppet Agent | - | 7.8 | - | 2018-06-11 |
| CVE-2018-6513 | Puppet Enterprise and Puppet Agent permissions and access control vulnerability | Puppet Enterprise and Puppet Agent | - | 8.8 | - | 2018-06-11 |
| CVE-2018-6512 | Puppet Enterprise, razor-server and pe-razor-server code injection vulnerability | Puppet Enterprise 2018.1.x prior to 2018.1.1, razor-server and pe-razor-server prior to 1.9.0.0 | - | 9.8 | - | 2018-06-11 |
| CVE-2018-6510 | XSS Vulnerability in Puppet Enterprise Console | Puppet Enterprise | - | 5.4 | - | 2018-05-08 |
| CVE-2018-6511 | XSS Vulnerability in Puppet Enterprise Console | Puppet Enterprise | - | 5.4 | - | 2018-05-08 |
| CVE-2018-6508 | Puppet Enterprise security vulnerability | Puppet Enterprise | - | 8.0 | - | 2018-02-09 |
| CVE-2017-10690 | Puppet Agent security vulnerability | Puppet Enterprise | - | 6.5 | - | 2018-02-09 |
| CVE-2017-10689 | Puppet Agent security vulnerability | Puppet Enterprise | - | 7.1 | - | 2018-02-09 |
| CVE-2017-2297 | Puppet authorization vulnerability | Puppet Enterprise | - | 8.8 | - | 2018-02-01 |
| CVE-2017-2296 | Puppet Enterprise security vulnerability | Puppet Enterprise | - | 6.5 | - | 2018-02-01 |
| CVE-2017-2293 | Puppet Enterprise MCollective server security vulnerability | Puppet Enterprise | - | 4.9 | - | 2018-02-01 |
| CVE-2016-5713 | Puppet Agent PXP agent security vulnerability | Puppet Agent | - | 9.8 | - | 2017-12-06 |
| CVE-2017-2299 | puppetlabs-apache module information disclosure vulnerability | puppetlabs-apache | - | 7.5 | - | 2017-09-15 |

This page lists every published CVE security advisory associated with Puppet. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.