Puppet — Vulnerabilities & Security Advisories 37

Browse all 37 CVE security advisories affecting Puppet. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Puppet is an open-source configuration management tool primarily used for automating infrastructure provisioning and maintaining system consistency across distributed environments. Its architecture, which relies on a master-agent model communicating over SSL, has historically exposed it to various security flaws. Recorded vulnerabilities include remote code execution, cross-site scripting, and privilege escalation issues, often stemming from improper input validation or insecure default configurations in its web interface and API endpoints. While the platform generally employs robust encryption for agent-master communication, past incidents have highlighted risks associated with outdated versions and misconfigured access controls. These weaknesses allow attackers to potentially gain unauthorized administrative access or execute arbitrary commands on managed nodes. Continuous patching and strict adherence to security best practices are essential for mitigating these risks, ensuring that the automation infrastructure remains resilient against exploitation attempts targeting its extensive attack surface.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2016-5716 | Puppet Enterprise console security vulnerability — Puppet Enterprise | 8.8 | - | 2017-08-09 |
| CVE-2017-2295 | Puppet security vulnerability — Puppet server | 8.5 | - | 2017-07-05 |
| CVE-2017-2294 | Puppet Enterprise security vulnerability — Puppet Enterprise | 7.5 | - | 2017-07-05 |
| CVE-2017-2298 | Puppet mcollective-sshkey-security plugin security vulnerability — mcollective | 6.5 | - | 2017-06-30 |
| CVE-2017-2292 | MCollective security vulnerability — mcollective, Puppet, Puppet Enterprise | 9.9 | - | 2017-06-30 |
| CVE-2017-2290 | mcollective-puppet-agent security vulnerability — mcollective-puppet-agent plugin | 8.8 | - | 2017-03-03 |
| CVE-2016-9686 | Puppet Enterprise security vulnerability — Puppet Enterprise | 5.3 | - | 2017-02-08 |

This page lists every published CVE security advisory associated with Puppet. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.