| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-38dv-ps67-r7f7 |
| vulnerability_id |
VCID-38dv-ps67-r7f7 |
| summary |
Moderate severity vulnerability that affects puppet
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master. |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.23 |
| purl |
pkg:gem/puppet@2.7.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 7 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 8 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 9 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 10 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 11 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 12 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 13 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 14 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 15 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.23 |
|
| 1 |
| url |
pkg:gem/puppet@3.2.4 |
| purl |
pkg:gem/puppet@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 7 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 8 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 9 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 10 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 11 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 12 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 13 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 14 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 15 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@3.2.4 |
|
|
| aliases |
CVE-2013-4761, GHSA-cj43-9h3w-v976
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-38dv-ps67-r7f7 |
|
| 1 |
| url |
VCID-7wuf-dtva-x7ej |
| vulnerability_id |
VCID-7wuf-dtva-x7ej |
| summary |
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.11 |
| purl |
pkg:gem/puppet@2.6.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-df8e-jf8b-puec |
|
| 5 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 6 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 7 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 8 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 9 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 10 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 11 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 12 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 13 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 14 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 15 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 16 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 17 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 18 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 19 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
| 20 |
| vulnerability |
VCID-xxht-cd83-7qb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.11 |
|
| 1 |
| url |
pkg:gem/puppet@2.7.5 |
| purl |
pkg:gem/puppet@2.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-df8e-jf8b-puec |
|
| 5 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 6 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 7 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 8 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 9 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 10 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 11 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 12 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 13 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 14 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 15 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 16 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 17 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 18 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 19 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
| 20 |
| vulnerability |
VCID-xxht-cd83-7qb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.5 |
|
|
| aliases |
CVE-2011-3869, GHSA-8c56-v25w-f89c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7wuf-dtva-x7ej |
|
| 2 |
|
| 3 |
| url |
VCID-982t-up4e-t7eg |
| vulnerability_id |
VCID-982t-up4e-t7eg |
| summary |
Improper Link Resolution Before File Access ('Link Following')
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file. |
| fixed_packages |
|
| aliases |
CVE-2010-0156, GHSA-vrh7-99jh-3fmm
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-982t-up4e-t7eg |
|
| 4 |
| url |
VCID-df8e-jf8b-puec |
| vulnerability_id |
VCID-df8e-jf8b-puec |
| summary |
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.11 |
| purl |
pkg:gem/puppet@2.6.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-df8e-jf8b-puec |
|
| 5 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 6 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 7 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 8 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 9 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 10 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 11 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 12 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 13 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 14 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 15 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 16 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 17 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 18 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 19 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
| 20 |
| vulnerability |
VCID-xxht-cd83-7qb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.11 |
|
| 1 |
| url |
pkg:gem/puppet@2.7.5 |
| purl |
pkg:gem/puppet@2.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-df8e-jf8b-puec |
|
| 5 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 6 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 7 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 8 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 9 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 10 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 11 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 12 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 13 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 14 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 15 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 16 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 17 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 18 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 19 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
| 20 |
| vulnerability |
VCID-xxht-cd83-7qb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.5 |
|
|
| aliases |
CVE-2011-3871, GHSA-mpmx-gm5v-q789
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-df8e-jf8b-puec |
|
| 5 |
| url |
VCID-ear8-9pcm-zqfz |
| vulnerability_id |
VCID-ear8-9pcm-zqfz |
| summary |
Low severity vulnerability that affects puppet
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log). |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.13 |
| purl |
pkg:gem/puppet@2.7.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 7 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 8 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 9 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 10 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 11 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 12 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 13 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 14 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 15 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 16 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 17 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 18 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13 |
|
|
| aliases |
CVE-2012-1989, GHSA-c5qq-g673-5p49
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ear8-9pcm-zqfz |
|
| 6 |
| url |
VCID-fjyu-jwpx-sfe5 |
| vulnerability_id |
VCID-fjyu-jwpx-sfe5 |
| summary |
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request. |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.15 |
| purl |
pkg:gem/puppet@2.6.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 7 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 8 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 9 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 10 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 11 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 12 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 13 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 14 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 15 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 16 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 17 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 18 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.15 |
|
| 1 |
| url |
pkg:gem/puppet@2.7.13 |
| purl |
pkg:gem/puppet@2.7.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 7 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 8 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 9 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 10 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 11 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 12 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 13 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 14 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 15 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 16 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 17 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 18 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13 |
|
|
| aliases |
CVE-2012-1988, GHSA-6xxq-j39w-g3f6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fjyu-jwpx-sfe5 |
|
| 7 |
| url |
VCID-g5ek-ebw1-ebhf |
| vulnerability_id |
VCID-g5ek-ebw1-ebhf |
| summary |
Puppet Privilege Escalation
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups. |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.14 |
| purl |
pkg:gem/puppet@2.6.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 7 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 8 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 9 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 10 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 11 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 12 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 13 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 14 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 15 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 16 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 17 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 18 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.14 |
|
| 1 |
| url |
pkg:gem/puppet@2.7.11 |
| purl |
pkg:gem/puppet@2.7.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 7 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 8 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 9 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 10 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 11 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 12 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 13 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 14 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 15 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 16 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 17 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 18 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.11 |
|
|
| aliases |
CVE-2012-1053, GHSA-77hg-g8cc-5r37
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g5ek-ebw1-ebhf |
|
| 8 |
| url |
VCID-gfnp-y7y2-f7fu |
| vulnerability_id |
VCID-gfnp-y7y2-f7fu |
| summary |
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp. |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.15 |
| purl |
pkg:gem/puppet@2.6.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 7 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 8 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 9 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 10 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 11 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 12 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 13 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 14 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 15 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 16 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 17 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 18 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.15 |
|
| 1 |
| url |
pkg:gem/puppet@2.7.13 |
| purl |
pkg:gem/puppet@2.7.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 7 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 8 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 9 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 10 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 11 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 12 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 13 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 14 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 15 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 16 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 17 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 18 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13 |
|
|
| aliases |
CVE-2012-1906, GHSA-c4mc-49hq-q275
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gfnp-y7y2-f7fu |
|
| 9 |
| url |
VCID-khb1-phav-ukf8 |
| vulnerability_id |
VCID-khb1-phav-ukf8 |
| summary |
Low severity vulnerability that affects puppet
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file. |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.18 |
| purl |
pkg:gem/puppet@2.7.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 7 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 8 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 9 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 10 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 11 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 12 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 13 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 14 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 15 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.18 |
|
|
| aliases |
CVE-2012-3866, GHSA-8jxj-9r5f-w3m2
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-khb1-phav-ukf8 |
|
| 10 |
| url |
VCID-mn3q-6cs1-ukcq |
| vulnerability_id |
VCID-mn3q-6cs1-ukcq |
| summary |
Improper Privilege Management
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. |
| fixed_packages |
|
| aliases |
CVE-2017-10689, GHSA-vw22-465p-8j5w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mn3q-6cs1-ukcq |
|
| 11 |
| url |
VCID-msp5-ahmq-hbc3 |
| vulnerability_id |
VCID-msp5-ahmq-hbc3 |
| summary |
Puppet does not properly restrict access to node resources
Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors. |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.4 |
| purl |
pkg:gem/puppet@2.6.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-df8e-jf8b-puec |
|
| 5 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 6 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 7 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 8 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 9 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 10 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 11 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 12 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 13 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 14 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 15 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 16 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 17 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 18 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 19 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
| 20 |
| vulnerability |
VCID-xxht-cd83-7qb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.4 |
|
|
| aliases |
CVE-2011-0528, GHSA-9pvx-fwwh-w289
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-msp5-ahmq-hbc3 |
|
| 12 |
| url |
VCID-nrht-tzzq-eqhs |
| vulnerability_id |
VCID-nrht-tzzq-eqhs |
| summary |
Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.26 |
| purl |
pkg:gem/puppet@2.7.26 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 7 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 8 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 9 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 10 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 11 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 12 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 13 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 14 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 15 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.26 |
|
| 1 |
| url |
pkg:gem/puppet@3.6.2 |
| purl |
pkg:gem/puppet@3.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 7 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 8 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 9 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 10 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 11 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 12 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 13 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 14 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 15 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@3.6.2 |
|
|
| aliases |
CVE-2014-3248, GHSA-92v7-pq4h-58j5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nrht-tzzq-eqhs |
|
| 13 |
| url |
VCID-qhz5-1muw-dqgn |
| vulnerability_id |
VCID-qhz5-1muw-dqgn |
| summary |
Moderate severity vulnerability that affects puppet
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.17 |
| purl |
pkg:gem/puppet@2.6.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 7 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 8 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 9 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 10 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 11 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 12 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 13 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 14 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 15 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 16 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.17 |
|
| 1 |
| url |
pkg:gem/puppet@2.7.18 |
| purl |
pkg:gem/puppet@2.7.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 7 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 8 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 9 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 10 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 11 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 12 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 13 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 14 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 15 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.18 |
|
|
| aliases |
CVE-2012-3867, GHSA-q44r-f2hm-v76v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qhz5-1muw-dqgn |
|
| 14 |
| url |
VCID-rc1a-umc9-nfa8 |
| vulnerability_id |
VCID-rc1a-umc9-nfa8 |
| summary |
Improper Access Control
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding. |
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:gem/puppet@2.6.0 |
| purl |
pkg:gem/puppet@2.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-df8e-jf8b-puec |
|
| 5 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 6 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 7 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 8 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 9 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 10 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 11 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 12 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 13 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 14 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 15 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 16 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 17 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 18 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 19 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
| 20 |
| vulnerability |
VCID-xxht-cd83-7qb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.0 |
|
| 2 |
| url |
pkg:gem/puppet@4.4.2 |
| purl |
pkg:gem/puppet@4.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 7 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 8 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 9 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 10 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 11 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 12 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 13 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 14 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 15 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@4.4.2 |
|
|
| aliases |
CVE-2016-2785, GHSA-pqj5-7r86-64fv
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rc1a-umc9-nfa8 |
|
| 15 |
| url |
VCID-ta3j-j5s5-hfba |
| vulnerability_id |
VCID-ta3j-j5s5-hfba |
| summary |
Improper Authentication
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address. |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.18 |
| purl |
pkg:gem/puppet@2.7.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 7 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 8 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 9 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 10 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 11 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 12 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 13 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 14 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 15 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.18 |
|
|
| aliases |
CVE-2012-3408, GHSA-vxf6-w9mp-95hm
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ta3j-j5s5-hfba |
|
| 16 |
| url |
VCID-thv1-66q2-uuc9 |
| vulnerability_id |
VCID-thv1-66q2-uuc9 |
| summary |
Puppet Denial of Service and Arbitrary File Write
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations. |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.15 |
| purl |
pkg:gem/puppet@2.6.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 7 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 8 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 9 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 10 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 11 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 12 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 13 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 14 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 15 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 16 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 17 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 18 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.15 |
|
| 1 |
| url |
pkg:gem/puppet@2.7.13 |
| purl |
pkg:gem/puppet@2.7.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 7 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 8 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 9 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 10 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 11 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 12 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 13 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 14 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 15 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 16 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 17 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 18 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13 |
|
|
| aliases |
CVE-2012-1987, GHSA-v58w-6xc2-w799
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-thv1-66q2-uuc9 |
|
| 17 |
|
| 18 |
| url |
VCID-vxdt-q1t7-27hh |
| vulnerability_id |
VCID-vxdt-q1t7-27hh |
| summary |
Improper Input Validation
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes." |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.21 |
| purl |
pkg:gem/puppet@2.7.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 7 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 8 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 9 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 10 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 11 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 12 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 13 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 14 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 15 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.21 |
|
| 1 |
| url |
pkg:gem/puppet@3.1.1 |
| purl |
pkg:gem/puppet@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 7 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 8 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 9 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 10 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 11 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 12 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 13 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 14 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 15 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@3.1.1 |
|
|
| aliases |
CVE-2013-1655, GHSA-574q-fxfj-wv6h
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vxdt-q1t7-27hh |
|
| 19 |
| url |
VCID-wqm7-m41f-pqfm |
| vulnerability_id |
VCID-wqm7-m41f-pqfm |
| summary |
Improper Input Validation
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.22 |
| purl |
pkg:gem/puppet@2.7.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 7 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 8 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 9 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 10 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 11 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 12 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 13 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 14 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 15 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.22 |
|
| 1 |
| url |
pkg:gem/puppet@3.2.2 |
| purl |
pkg:gem/puppet@3.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 7 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 8 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 9 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 10 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 11 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 12 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 13 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 14 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 15 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@3.2.2 |
|
|
| aliases |
CVE-2013-3567, GHSA-f7p5-w2cr-7cp7
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wqm7-m41f-pqfm |
|
| 20 |
| url |
VCID-xhmp-nrhy-zfcn |
| vulnerability_id |
VCID-xhmp-nrhy-zfcn |
| summary |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name. |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.17 |
| purl |
pkg:gem/puppet@2.6.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 7 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 8 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 9 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 10 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 11 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 12 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 13 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 14 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 15 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 16 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.17 |
|
| 1 |
| url |
pkg:gem/puppet@2.7.18 |
| purl |
pkg:gem/puppet@2.7.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 5 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 6 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 7 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 8 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 9 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 10 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 11 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 12 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 13 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 14 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 15 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.18 |
|
|
| aliases |
CVE-2012-3865, GHSA-g89m-3wjw-h857
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xhmp-nrhy-zfcn |
|
| 21 |
| url |
VCID-xxht-cd83-7qb9 |
| vulnerability_id |
VCID-xxht-cd83-7qb9 |
| summary |
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. |
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.11 |
| purl |
pkg:gem/puppet@2.6.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-df8e-jf8b-puec |
|
| 5 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 6 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 7 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 8 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 9 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 10 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 11 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 12 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 13 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 14 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 15 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 16 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 17 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 18 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 19 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
| 20 |
| vulnerability |
VCID-xxht-cd83-7qb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.11 |
|
| 1 |
| url |
pkg:gem/puppet@2.7.5 |
| purl |
pkg:gem/puppet@2.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-38dv-ps67-r7f7 |
|
| 1 |
| vulnerability |
VCID-7wuf-dtva-x7ej |
|
| 2 |
| vulnerability |
VCID-8n86-g8a8-f7a9 |
|
| 3 |
| vulnerability |
VCID-982t-up4e-t7eg |
|
| 4 |
| vulnerability |
VCID-df8e-jf8b-puec |
|
| 5 |
| vulnerability |
VCID-ear8-9pcm-zqfz |
|
| 6 |
| vulnerability |
VCID-fjyu-jwpx-sfe5 |
|
| 7 |
| vulnerability |
VCID-g5ek-ebw1-ebhf |
|
| 8 |
| vulnerability |
VCID-gfnp-y7y2-f7fu |
|
| 9 |
| vulnerability |
VCID-khb1-phav-ukf8 |
|
| 10 |
| vulnerability |
VCID-mn3q-6cs1-ukcq |
|
| 11 |
| vulnerability |
VCID-msp5-ahmq-hbc3 |
|
| 12 |
| vulnerability |
VCID-nrht-tzzq-eqhs |
|
| 13 |
| vulnerability |
VCID-qhz5-1muw-dqgn |
|
| 14 |
| vulnerability |
VCID-ta3j-j5s5-hfba |
|
| 15 |
| vulnerability |
VCID-thv1-66q2-uuc9 |
|
| 16 |
| vulnerability |
VCID-tstb-eb21-hkhp |
|
| 17 |
| vulnerability |
VCID-vxdt-q1t7-27hh |
|
| 18 |
| vulnerability |
VCID-wqm7-m41f-pqfm |
|
| 19 |
| vulnerability |
VCID-xhmp-nrhy-zfcn |
|
| 20 |
| vulnerability |
VCID-xxht-cd83-7qb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.5 |
|
|
| aliases |
CVE-2011-3870, GHSA-qh3g-27jf-3j54
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xxht-cd83-7qb9 |
|
|