Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/935972?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "type": "deb", "namespace": "debian", "name": "puppet", "version": "0", "qualifiers": { "distro": "bullseye" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.25.1-3", "latest_non_vulnerable_version": "5.5.22-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/157133?format=api", "vulnerability_id": "VCID-1dbs-z8sn-e3fv", "summary": "Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7328", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07363", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07396", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07356", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07137", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07309", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07293", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07348", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07376", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07372", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07359", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07346", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07276", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07271", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7328" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:C/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2015-7328", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppetlabs.com/security/cve/cve-2015-7328" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2015.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2015.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2015.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:3.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:3.8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:3.8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7328", "reference_id": "CVE-2015-7328", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7328" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2015-7328" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1dbs-z8sn-e3fv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/187607?format=api", "vulnerability_id": "VCID-37yk-3v22-4qg7", "summary": "The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6512", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78307", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78301", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78185", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78194", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78224", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78206", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78232", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78238", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78264", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78247", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78242", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78274", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78271", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78268", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6512" }, { "reference_url": "https://puppet.com/security/cve/CVE-2018-6512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/CVE-2018-6512" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:pe-razor-server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:pe-razor-server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:pe-razor-server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:razor-server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:razor-server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:razor-server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6512", "reference_id": "CVE-2018-6512", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6512" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2018-6512" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37yk-3v22-4qg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145212?format=api", "vulnerability_id": "VCID-3jdp-jh74-37c6", "summary": "Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4958", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12509", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12612", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12653", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12465", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12544", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12594", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12561", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1252", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12481", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12384", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12388", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12504", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12511", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12477", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4958" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-4958" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jdp-jh74-37c6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/292411?format=api", "vulnerability_id": "VCID-4tw7-zg73-q3cd", "summary": "A privilege escalation allowing remote code execution was discovered in the orchestration service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07317", "scoring_system": "epss", "scoring_elements": "0.91652", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.91923", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.9193", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.91943", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.91948", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.91951", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.9195", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.91947", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.91966", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.91964", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.9196", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.91965", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.91963", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2530" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2023-2530-remote-code-execution-orchestrator", "reference_id": "cve-2023-2530-remote-code-execution-orchestrator", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-07T15:41:11Z/" } ], "url": "https://www.puppet.com/security/cve/cve-2023-2530-remote-code-execution-orchestrator" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2023-2530" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4tw7-zg73-q3cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145082?format=api", "vulnerability_id": "VCID-56xc-5fxu-kka3", "summary": "Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.4749", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.4752", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47541", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47489", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47544", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.4754", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47563", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47539", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47547", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47605", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47598", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47549", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4762" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-4762" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-56xc-5fxu-kka3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145220?format=api", "vulnerability_id": "VCID-5uhz-zcuf-4uej", "summary": "The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.4496", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45041", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45063", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45006", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45058", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.4508", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45048", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45051", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.451", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45094", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45046", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44957", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44963", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-4966" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5uhz-zcuf-4uej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/143404?format=api", "vulnerability_id": "VCID-6vjt-rsq7-ekc9", "summary": "Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30311", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30339", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30387", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30203", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30262", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30297", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30301", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30258", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30211", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30225", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30207", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30163", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30093", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29977", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1399" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-1399" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vjt-rsq7-ekc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/143403?format=api", "vulnerability_id": "VCID-729g-ky6n-1yfg", "summary": "The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the master role.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.69846", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.69859", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.69874", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.69851", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.69899", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.69915", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.69939", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.69923", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.69909", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.69952", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.69962", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.69944", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.69995", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.70004", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1398" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-1398" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-729g-ky6n-1yfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/141819?format=api", "vulnerability_id": "VCID-7kzg-339v-vqbs", "summary": "Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5158", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36465", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36641", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36673", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36511", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36562", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36582", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36588", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36553", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36529", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36573", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36556", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.365", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36271", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36241", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5158" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2012-5158" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7kzg-339v-vqbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/170770?format=api", "vulnerability_id": "VCID-82mm-jjnu-sbfa", "summary": "In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2296", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57596", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57703", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57677", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57732", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57734", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.5775", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57729", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.5771", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57739", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57735", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57713", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.5767", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.5769", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2296" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2017-2296" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-82mm-jjnu-sbfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/245933?format=api", "vulnerability_id": "VCID-84e7-2rxq-b7e1", "summary": "A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56296", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56399", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56421", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56402", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56453", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56458", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56469", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56444", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56425", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56457", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56429", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56356", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56376", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27022" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2021-27022" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84e7-2rxq-b7e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145217?format=api", "vulnerability_id": "VCID-92u1-6e9d-tqga", "summary": "Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30311", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30339", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30387", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30203", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30262", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30297", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30301", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30258", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30211", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30225", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30207", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30163", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30093", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29977", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4963" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-4963" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92u1-6e9d-tqga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145221?format=api", "vulnerability_id": "VCID-a1p5-fyr1-wuaq", "summary": "Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is \"seeded as a console parameter,\" External Node Classifiers, and the lack of access control for /nodes.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4967", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48286", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48322", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48343", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48295", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.4835", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48344", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48369", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48342", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48354", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48405", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.484", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48339", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4967" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-4967" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a1p5-fyr1-wuaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/187605?format=api", "vulnerability_id": "VCID-bccx-uph7-67cj", "summary": "A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6510", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48674", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48721", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48679", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48607", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48648", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48669", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48622", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48672", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.4869", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48664", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48677", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48725", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6510" }, { "reference_url": "https://puppet.com/security/cve/CVE-2018-6510", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/CVE-2018-6510" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6510", "reference_id": "CVE-2018-6510", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6510" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2018-6510" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bccx-uph7-67cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54797?format=api", "vulnerability_id": "VCID-bjts-v9q2-9yg8", "summary": "several", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4073.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4073.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02664", "scoring_system": "epss", "scoring_elements": "0.8572", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02664", "scoring_system": "epss", "scoring_elements": "0.85732", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02664", "scoring_system": "epss", "scoring_elements": "0.85751", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02664", "scoring_system": "epss", "scoring_elements": "0.85757", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02664", "scoring_system": "epss", "scoring_elements": "0.85776", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02664", "scoring_system": "epss", "scoring_elements": "0.85786", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02664", "scoring_system": "epss", "scoring_elements": "0.85801", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02664", "scoring_system": "epss", "scoring_elements": "0.85798", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02664", "scoring_system": "epss", "scoring_elements": "0.85794", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02664", "scoring_system": "epss", "scoring_elements": "0.85812", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02664", "scoring_system": "epss", "scoring_elements": "0.85817", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02664", "scoring_system": "epss", "scoring_elements": "0.85811", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02664", "scoring_system": "epss", "scoring_elements": "0.85834", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02664", "scoring_system": "epss", "scoring_elements": "0.85844", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164" }, { "reference_url": "https://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=979251", "reference_id": "979251", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=979251" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1090", "reference_id": "RHSA-2013:1090", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1090" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1103", "reference_id": "RHSA-2013:1103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1137", "reference_id": "RHSA-2013:1137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1137" }, { "reference_url": "https://usn.ubuntu.com/1902-1/", "reference_id": "USN-1902-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1902-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-4073", "GHSA-3gpq-xx45-4rr9", "OSV-94628" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bjts-v9q2-9yg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78452?format=api", "vulnerability_id": "VCID-bqtz-8vkk-xbg6", "summary": "puppet: Puppet Server ReDoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1894.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1894.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1894", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17426", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17176", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17259", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17292", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17197", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17473", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17252", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17343", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17402", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17415", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17366", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17312", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17253", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1894" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035541", "reference_id": "1035541", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035541" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2193088", "reference_id": "2193088", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2193088" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos", "reference_id": "cve-2023-1894-puppet-server-redos", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:55:33Z/" } ], "url": "https://www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2023-1894" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqtz-8vkk-xbg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/187606?format=api", "vulnerability_id": "VCID-bsa9-fu5y-p7at", "summary": "A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48674", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48721", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48679", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48607", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48648", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48669", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48622", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48672", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.4869", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48664", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48677", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48725", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6511" }, { "reference_url": "https://puppet.com/security/cve/CVE-2018-6511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/CVE-2018-6511" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6511", "reference_id": "CVE-2018-6511", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6511" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2018-6511" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bsa9-fu5y-p7at" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145215?format=api", "vulnerability_id": "VCID-bu53-ez2r-vfcr", "summary": "Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48286", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48322", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48343", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48295", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.4835", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48344", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48369", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48342", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48354", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48405", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.484", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48339", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4961" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-4961" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bu53-ez2r-vfcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/155198?format=api", "vulnerability_id": "VCID-d6vw-w8g1-q7fk", "summary": "Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a \"Certificate Authority Reverse Proxy Vulnerability.\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4100", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5076", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5075", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50687", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50741", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50766", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50722", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50778", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50775", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50818", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50794", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50779", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50817", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50824", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50802", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4100" }, { "reference_url": "https://puppet.com/security/cve/CVE-2015-4100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/CVE-2015-4100" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:3.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4100", "reference_id": "CVE-2015-4100", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:P" }, { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4100" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2015-4100" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6vw-w8g1-q7fk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145218?format=api", "vulnerability_id": "VCID-dnjn-tqgb-g7fs", "summary": "Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.4749", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.4752", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47541", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47489", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47544", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.4754", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47563", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47539", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47547", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47605", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47598", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47549", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4964" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-4964" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dnjn-tqgb-g7fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/162231?format=api", "vulnerability_id": "VCID-eggd-sxe6-dbh3", "summary": "Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6501.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71736", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71743", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71762", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71737", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71776", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71787", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71811", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71794", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71819", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71825", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71807", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71854", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71859", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5715" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2016-5715" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eggd-sxe6-dbh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145219?format=api", "vulnerability_id": "VCID-ekj3-h7sp-33fg", "summary": "Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72443", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72448", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72466", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72442", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72481", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72493", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72516", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72499", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72489", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72531", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.7254", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72529", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72572", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.7258", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4965" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-4965" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ekj3-h7sp-33fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145223?format=api", "vulnerability_id": "VCID-eqmw-4ast-tqc3", "summary": "Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48286", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48322", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48343", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48295", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.4835", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48344", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48369", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48342", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48354", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48405", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.484", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48339", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4971" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-4971" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eqmw-4ast-tqc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/170771?format=api", "vulnerability_id": "VCID-he38-9hxb-9ycb", "summary": "Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2297", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53493", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53517", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53543", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53512", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53562", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53558", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53608", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.5359", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53573", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53609", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53615", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53598", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.5356", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53572", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2297" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2017-2297" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-he38-9hxb-9ycb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80593?format=api", "vulnerability_id": "VCID-hexs-rr6c-pqap", "summary": "puppet-agent: Deserialization of untrusted data", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27017.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30323", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30354", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29996", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30221", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30175", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30111", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30401", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30216", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30276", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30311", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30315", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.3027", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30224", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30239", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27017" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927502", "reference_id": "1927502", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927502" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2021-27017-deserialization-untrusted-data", "reference_id": "cve-2021-27017-deserialization-untrusted-data", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-07T19:46:04Z/" } ], "url": "https://www.puppet.com/security/cve/cve-2021-27017-deserialization-untrusted-data" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2021-27017" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hexs-rr6c-pqap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/176544?format=api", "vulnerability_id": "VCID-muyn-v1ah-27br", "summary": "When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS score.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.3489", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35087", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35115", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34994", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35039", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35067", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.3507", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35035", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35012", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.3505", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34988", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34757", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34738", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11749" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2018-11749" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-muyn-v1ah-27br" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/152341?format=api", "vulnerability_id": "VCID-mv4z-k16a-hfgr", "summary": "Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.", "references": [ { "reference_url": "http://puppetlabs.com/security/cve/cve-2014-9355", "reference_id": "", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2014-9355" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9355", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26177", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26415", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26465", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26509", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26284", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26352", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26402", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26411", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26364", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26306", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26316", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26289", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26253", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26182", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9355" }, { "reference_url": "http://secunia.com/advisories/61265", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61265" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9355", "reference_id": "CVE-2014-9355", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9355" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2014-9355" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mv4z-k16a-hfgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/164138?format=api", "vulnerability_id": "VCID-mz9n-ttkc-bfhx", "summary": "The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9686", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59203", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59277", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.593", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59264", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59314", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59327", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59346", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.5933", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59312", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59345", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59352", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59332", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.5931", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59329", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9686" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2016-9686" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mz9n-ttkc-bfhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83402?format=api", "vulnerability_id": "VCID-n8dt-ef15-wfgv", "summary": "puppet-agent: pxp-agent attempts to configure OpenSSL from uncontrolled location", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6515.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6515.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.4421", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44175", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44252", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44171", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44278", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.443", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44233", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44285", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.4429", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44308", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44275", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44333", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44324", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6515" }, { "reference_url": "https://puppet.com/security/cve/CVE-2018-6515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/CVE-2018-6515" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588925", "reference_id": "1588925", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588925" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6515", "reference_id": "CVE-2018-6515", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2018-6515" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n8dt-ef15-wfgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60466?format=api", "vulnerability_id": "VCID-p3cs-jvy5-pyda", "summary": "Multiple vulnerabilities have been found in Puppet Server and\n Agent, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2786", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72314", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72305", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72178", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72183", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72203", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72215", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72228", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.7225", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72234", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.7222", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72263", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72273", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.7226", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2786" }, { "reference_url": "https://puppet.com/security/cve/CVE-2016-2786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/CVE-2016-2786" }, { "reference_url": "https://security.gentoo.org/glsa/201606-02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-02" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_agent:1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_agent:1.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_agent:1.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_agent:1.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_agent:1.3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2015.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2015.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2786", "reference_id": "CVE-2016-2786", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2786" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2016-2786" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p3cs-jvy5-pyda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15327?format=api", "vulnerability_id": "VCID-pj4s-vjbb-u7h7", "summary": "Improper Access Control\nPuppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2785.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2785.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38223", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.37945", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38182", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38122", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38206", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38273", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38296", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38164", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38214", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38242", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.37969", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38143", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38209", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38229", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2785" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/6592a8166572e5f1b7d058474059b8519ec81387", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/6592a8166572e5f1b7d058474059b8519ec81387" }, { "reference_url": "https://github.com/puppetlabs/puppet/commits/4.4.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commits/4.4.2" }, { "reference_url": "https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2" }, { "reference_url": "https://security.gentoo.org/glsa/201606-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201606-02" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2016-2785-incorrect-url-decoding", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2016-2785-incorrect-url-decoding" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331024", "reference_id": "1331024", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331024" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.0.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_agent:1.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:2.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:2.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:2.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2785", "reference_id": "CVE-2016-2785", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2785" }, { "reference_url": "https://puppet.com/security/cve/cve-2016-2785", "reference_id": "CVE-2016-2785", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2016-2785" }, { "reference_url": "https://github.com/advisories/GHSA-pqj5-7r86-64fv", "reference_id": "GHSA-pqj5-7r86-64fv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pqj5-7r86-64fv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2016-2785", "GHSA-pqj5-7r86-64fv" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pj4s-vjbb-u7h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78046?format=api", "vulnerability_id": "VCID-prfa-kwxa-hya6", "summary": "puppet: Denial of Service for Revocation of Auto Renewed Certificates", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5255.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5255.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5255", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33504", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33457", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33537", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33378", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33422", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.3346", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33419", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35529", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35231", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35208", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35489", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35467", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35519", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5255" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242146", "reference_id": "2242146", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242146" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2023-5255" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-prfa-kwxa-hya6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148380?format=api", "vulnerability_id": "VCID-qs9z-st4f-gkcq", "summary": "Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes.", "references": [ { "reference_url": "http://puppetlabs.com/security/cve/cve-2014-3249", "reference_id": "", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2014-3249" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3249", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48339", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48286", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48322", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48343", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48295", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.4835", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48344", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48369", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48342", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48354", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48405", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.484", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3249" }, { "reference_url": "http://secunia.com/advisories/59197", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59197" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.8.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2.8.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.8.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2.8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.8.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2.8.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.8.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2.8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3249", "reference_id": "CVE-2014-3249", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3249" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2014-3249" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qs9z-st4f-gkcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/187609?format=api", "vulnerability_id": "VCID-rqbn-6eng-tyhs", "summary": "Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. This was possible through the loading of shared libraries from untrusted paths.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57798", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57779", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57708", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57792", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57813", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57786", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57841", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57843", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57859", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57838", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57816", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57845", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57844", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57821", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6513" }, { "reference_url": "https://puppet.com/security/cve/CVE-2018-6513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/CVE-2018-6513" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6513", "reference_id": "CVE-2018-6513", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6513" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2018-6513" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rqbn-6eng-tyhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145222?format=api", "vulnerability_id": "VCID-rt19-c3m9-yyfx", "summary": "Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to \"live management.\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55499", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.5561", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55635", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55612", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55664", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55667", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55676", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55656", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55638", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55677", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55681", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.5566", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55587", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55604", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4968" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-4968" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rt19-c3m9-yyfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/245930?format=api", "vulnerability_id": "VCID-s3wm-tmvz-tbhj", "summary": "Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65664", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65714", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65744", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.6571", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65763", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65774", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65795", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65781", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65752", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65787", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65801", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.658", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.65811", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27020" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2021-27020" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3wm-tmvz-tbhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/160618?format=api", "vulnerability_id": "VCID-s8jz-vr9t-87dy", "summary": "The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2787", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38666", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38794", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38815", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38743", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38793", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38804", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38817", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.3878", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38753", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38798", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38776", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38697", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38541", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38517", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2787" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2016-2787" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8jz-vr9t-87dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145213?format=api", "vulnerability_id": "VCID-sd5c-wx86-t3c1", "summary": "Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the \"no-cache\" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17591", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17754", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17801", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17529", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1768", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17697", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17652", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17601", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17546", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17555", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17588", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17499", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17476", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4959" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-4959" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sd5c-wx86-t3c1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145210?format=api", "vulnerability_id": "VCID-sqqa-bcxy-9uht", "summary": "Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4955", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.44989", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45071", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45093", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45035", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45088", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.4511", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45078", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.4508", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45129", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45122", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45073", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.44985", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.44991", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4955" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-4955" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sqqa-bcxy-9uht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/170768?format=api", "vulnerability_id": "VCID-txcc-y6jy-q7a6", "summary": "Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45134", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45215", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45237", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.4518", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45235", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45255", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45223", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45225", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45276", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.4527", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45221", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45133", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45141", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2293" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2017-2293" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txcc-y6jy-q7a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/187611?format=api", "vulnerability_id": "VCID-u5hk-xgp2-4qea", "summary": "On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6516", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44175", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44171", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.4421", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44278", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.443", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44233", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44285", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.4429", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44308", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44275", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44333", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44324", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44252", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6516" }, { "reference_url": "https://puppet.com/security/cve/CVE-2018-6516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/CVE-2018-6516" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise_client_tools:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise_client_tools:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise_client_tools:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6516", "reference_id": "CVE-2018-6516", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6516" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2018-6516" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u5hk-xgp2-4qea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/157135?format=api", "vulnerability_id": "VCID-u983-ve5j-gkgr", "summary": "The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7331", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60128", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60205", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.6023", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60198", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60248", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60262", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60283", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60269", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.6025", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.6029", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60297", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60284", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60255", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60271", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7331" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2015-7331" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u983-ve5j-gkgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81521?format=api", "vulnerability_id": "VCID-ugqt-zyga-1ydy", "summary": "puppet: puppet server and puppetDB may leak sensitive information via metrics API", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7943.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7943.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98474", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98499", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98493", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98494", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98495", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98475", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98479", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.9848", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98483", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98485", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98488", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98487", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7943" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://puppet.com/security/cve/CVE-2020-7943/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/CVE-2020-7943/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828486", "reference_id": "1828486", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828486" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7943", "reference_id": "CVE-2020-7943", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4366", "reference_id": "RHSA-2020:4366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-7943" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugqt-zyga-1ydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145216?format=api", "vulnerability_id": "VCID-v1kq-tkfx-bycx", "summary": "The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57416", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57499", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.5752", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57496", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57548", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57552", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57568", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57547", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57525", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57528", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57487", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57507", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4962" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2013-4962" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1kq-tkfx-bycx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81734?format=api", "vulnerability_id": "VCID-v61q-45uv-uuf7", "summary": "puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11751.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11751.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11751", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44826", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44909", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44928", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44869", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44922", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44924", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44945", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44913", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44915", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44968", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44961", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44912", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44821", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44829", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11751" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788261", "reference_id": "1788261", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4366", "reference_id": "RHSA-2020:4366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2018-11751" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v61q-45uv-uuf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/156680?format=api", "vulnerability_id": "VCID-vyk2-e5pa-bff3", "summary": "Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6501", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40687", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40771", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40798", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40723", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40773", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40781", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.408", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40765", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40746", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40791", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40761", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40683", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40586", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40575", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6501" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2015-6501" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vyk2-e5pa-bff3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83685?format=api", "vulnerability_id": "VCID-wnjy-ggeb-eqcn", "summary": "puppet: Environment leakage in puppet-agent", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-10690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41184", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41277", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41306", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.4123", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41281", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41288", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.4131", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41278", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41264", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41308", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41279", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41206", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41095", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.4109", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-10690" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566764", "reference_id": "1566764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566764" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2017-10690" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wnjy-ggeb-eqcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/170769?format=api", "vulnerability_id": "VCID-xqap-n8rp-g7fn", "summary": "Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2294", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53738", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53757", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53785", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53758", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.5381", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53808", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53856", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53839", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53859", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53864", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53844", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53811", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53823", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2294" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2017-2294" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xqap-n8rp-g7fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/162232?format=api", "vulnerability_id": "VCID-y3ft-rkcs-7kg2", "summary": "The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5716", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0185", "scoring_system": "epss", "scoring_elements": "0.82931", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0185", "scoring_system": "epss", "scoring_elements": "0.82947", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0185", "scoring_system": "epss", "scoring_elements": "0.82959", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0185", "scoring_system": "epss", "scoring_elements": "0.82956", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0185", "scoring_system": "epss", "scoring_elements": "0.82981", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0185", "scoring_system": "epss", "scoring_elements": "0.82989", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0185", "scoring_system": "epss", "scoring_elements": "0.83005", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02331", "scoring_system": "epss", "scoring_elements": "0.84838", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02331", "scoring_system": "epss", "scoring_elements": "0.84833", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02331", "scoring_system": "epss", "scoring_elements": "0.84854", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02331", "scoring_system": "epss", "scoring_elements": "0.84855", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02331", "scoring_system": "epss", "scoring_elements": "0.84853", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02331", "scoring_system": "epss", "scoring_elements": "0.84879", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02331", "scoring_system": "epss", "scoring_elements": "0.8489", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5716" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935972?format=api", "purl": "pkg:deb/debian/puppet@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2016-5716" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y3ft-rkcs-7kg2" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye" }