Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
Typedeb
Namespacedebian
Namepuppetserver
Version7.9.5-2+deb12u1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version8.7.0-5
Latest_non_vulnerable_version8.7.0-6
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-bqtz-8vkk-xbg6
vulnerability_id VCID-bqtz-8vkk-xbg6
summary puppet: Puppet Server ReDoS
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1894.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1894.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1894
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17426
published_at 2026-04-02T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17253
published_at 2026-04-16T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17415
published_at 2026-04-11T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17366
published_at 2026-04-12T12:55:00Z
4
value 0.00055
scoring_system epss
scoring_elements 0.17312
published_at 2026-04-13T12:55:00Z
5
value 0.00055
scoring_system epss
scoring_elements 0.17473
published_at 2026-04-04T12:55:00Z
6
value 0.00055
scoring_system epss
scoring_elements 0.17252
published_at 2026-04-07T12:55:00Z
7
value 0.00055
scoring_system epss
scoring_elements 0.17343
published_at 2026-04-08T12:55:00Z
8
value 0.00055
scoring_system epss
scoring_elements 0.17402
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1894
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035541
reference_id 1035541
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035541
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2193088
reference_id 2193088
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2193088
5
reference_url https://www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos
reference_id cve-2023-1894-puppet-server-redos
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:55:33Z/
url https://www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos
6
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:deb/debian/puppetserver@7.9.5-2?distro=trixie
purl pkg:deb/debian/puppetserver@7.9.5-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%3Fdistro=trixie
1
url pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie
3
url pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie
aliases CVE-2023-1894
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bqtz-8vkk-xbg6
1
url VCID-ctnu-wcs1-dfa2
vulnerability_id VCID-ctnu-wcs1-dfa2
summary A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-5459
reference_id
reference_type
scores
0
value 0.0009
scoring_system epss
scoring_elements 0.25565
published_at 2026-04-02T12:55:00Z
1
value 0.0009
scoring_system epss
scoring_elements 0.25601
published_at 2026-04-04T12:55:00Z
2
value 0.0009
scoring_system epss
scoring_elements 0.25373
published_at 2026-04-07T12:55:00Z
3
value 0.0009
scoring_system epss
scoring_elements 0.25442
published_at 2026-04-08T12:55:00Z
4
value 0.0009
scoring_system epss
scoring_elements 0.2549
published_at 2026-04-09T12:55:00Z
5
value 0.0009
scoring_system epss
scoring_elements 0.25502
published_at 2026-04-11T12:55:00Z
6
value 0.00097
scoring_system epss
scoring_elements 0.26766
published_at 2026-04-13T12:55:00Z
7
value 0.00097
scoring_system epss
scoring_elements 0.26773
published_at 2026-04-16T12:55:00Z
8
value 0.00097
scoring_system epss
scoring_elements 0.26823
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-5459
1
reference_url https://portal.perforce.com/s/detail/a91PA000001SiDdYAK
reference_id a91PA000001SiDdYAK
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-26T13:30:51Z/
url https://portal.perforce.com/s/detail/a91PA000001SiDdYAK
fixed_packages
0
url pkg:deb/debian/puppetserver@0?distro=trixie
purl pkg:deb/debian/puppetserver@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie
1
url pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie
3
url pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie
aliases CVE-2025-5459
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ctnu-wcs1-dfa2
2
url VCID-huc8-7hdd-ukam
vulnerability_id VCID-huc8-7hdd-ukam
summary In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account. This has been fixed in Puppet Enterprise version 2025.6, and release notes for 2025.6 have remediation steps for users of affected versions who can't update to the latest version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-10360
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.09714
published_at 2026-04-16T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.09832
published_at 2026-04-13T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.09804
published_at 2026-04-02T12:55:00Z
3
value 0.00034
scoring_system epss
scoring_elements 0.09853
published_at 2026-04-04T12:55:00Z
4
value 0.00034
scoring_system epss
scoring_elements 0.09753
published_at 2026-04-07T12:55:00Z
5
value 0.00034
scoring_system epss
scoring_elements 0.09825
published_at 2026-04-08T12:55:00Z
6
value 0.00034
scoring_system epss
scoring_elements 0.09877
published_at 2026-04-09T12:55:00Z
7
value 0.00034
scoring_system epss
scoring_elements 0.09884
published_at 2026-04-11T12:55:00Z
8
value 0.00034
scoring_system epss
scoring_elements 0.09848
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-10360
1
reference_url https://portal.perforce.com/s/cve/a91PA000001Smp7YAC/insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255
reference_id insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T16:11:54Z/
url https://portal.perforce.com/s/cve/a91PA000001Smp7YAC/insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255
fixed_packages
0
url pkg:deb/debian/puppetserver@0?distro=trixie
purl pkg:deb/debian/puppetserver@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie
1
url pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie
3
url pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie
aliases CVE-2025-10360
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-huc8-7hdd-ukam
3
url VCID-pj4s-vjbb-u7h7
vulnerability_id VCID-pj4s-vjbb-u7h7
summary 
Improper Access Control
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2785.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2785.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2785
reference_id
reference_type
scores
0
value 0.0017
scoring_system epss
scoring_elements 0.38122
published_at 2026-04-01T12:55:00Z
1
value 0.0017
scoring_system epss
scoring_elements 0.38229
published_at 2026-04-16T12:55:00Z
2
value 0.0017
scoring_system epss
scoring_elements 0.38182
published_at 2026-04-13T12:55:00Z
3
value 0.0017
scoring_system epss
scoring_elements 0.38206
published_at 2026-04-12T12:55:00Z
4
value 0.0017
scoring_system epss
scoring_elements 0.38242
published_at 2026-04-11T12:55:00Z
5
value 0.0017
scoring_system epss
scoring_elements 0.38223
published_at 2026-04-09T12:55:00Z
6
value 0.0017
scoring_system epss
scoring_elements 0.38214
published_at 2026-04-08T12:55:00Z
7
value 0.0017
scoring_system epss
scoring_elements 0.38164
published_at 2026-04-07T12:55:00Z
8
value 0.0017
scoring_system epss
scoring_elements 0.38296
published_at 2026-04-04T12:55:00Z
9
value 0.0017
scoring_system epss
scoring_elements 0.38273
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2785
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
4
reference_url https://github.com/puppetlabs/puppet/commit/6592a8166572e5f1b7d058474059b8519ec81387
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/6592a8166572e5f1b7d058474059b8519ec81387
5
reference_url https://github.com/puppetlabs/puppet/commits/4.4.2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commits/4.4.2
6
reference_url https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2
reference_id
reference_type
scores
url https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2
7
reference_url https://security.gentoo.org/glsa/201606-02
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201606-02
8
reference_url https://www.puppet.com/security/cve/cve-2016-2785-incorrect-url-decoding
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
url https://www.puppet.com/security/cve/cve-2016-2785-incorrect-url-decoding
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1331024
reference_id 1331024
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1331024
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:4.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:4.0.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc1:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:4.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc2:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc3:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:4.0.0:rc3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc3:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:4.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.1.0:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:4.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:4.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.1:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:4.2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.2:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:4.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.3:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:4.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:4.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.1:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:4.3.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.2:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:4.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.0:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:4.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.1:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_agent:1.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.4.1:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_server:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.0.0:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_server:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.0:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_server:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.1:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_server:2.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.2:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_server:2.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.2.0:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_server:2.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.0:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_server:2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.1:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2785
reference_id CVE-2016-2785
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-2785
33
reference_url https://puppet.com/security/cve/cve-2016-2785
reference_id CVE-2016-2785
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2016-2785
34
reference_url https://github.com/advisories/GHSA-pqj5-7r86-64fv
reference_id GHSA-pqj5-7r86-64fv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pqj5-7r86-64fv
fixed_packages
0
url pkg:deb/debian/puppetserver@0?distro=trixie
purl pkg:deb/debian/puppetserver@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie
1
url pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie
3
url pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie
aliases CVE-2016-2785, GHSA-pqj5-7r86-64fv
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pj4s-vjbb-u7h7
4
url VCID-prfa-kwxa-hya6
vulnerability_id VCID-prfa-kwxa-hya6
summary puppet: Denial of Service for Revocation of Auto Renewed Certificates
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5255.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5255.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5255
reference_id
reference_type
scores
0
value 0.00136
scoring_system epss
scoring_elements 0.33504
published_at 2026-04-02T12:55:00Z
1
value 0.00136
scoring_system epss
scoring_elements 0.33378
published_at 2026-04-07T12:55:00Z
2
value 0.00136
scoring_system epss
scoring_elements 0.33537
published_at 2026-04-04T12:55:00Z
3
value 0.00136
scoring_system epss
scoring_elements 0.33422
published_at 2026-04-08T12:55:00Z
4
value 0.00136
scoring_system epss
scoring_elements 0.33457
published_at 2026-04-09T12:55:00Z
5
value 0.00136
scoring_system epss
scoring_elements 0.3346
published_at 2026-04-11T12:55:00Z
6
value 0.00136
scoring_system epss
scoring_elements 0.33419
published_at 2026-04-12T12:55:00Z
7
value 0.0015
scoring_system epss
scoring_elements 0.35529
published_at 2026-04-16T12:55:00Z
8
value 0.0015
scoring_system epss
scoring_elements 0.35489
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5255
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2242146
reference_id 2242146
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2242146
fixed_packages
0
url pkg:deb/debian/puppetserver@0?distro=trixie
purl pkg:deb/debian/puppetserver@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie
1
url pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie
3
url pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie
aliases CVE-2023-5255
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-prfa-kwxa-hya6
5
url VCID-qdsk-m9ye-z3a4
vulnerability_id VCID-qdsk-m9ye-z3a4
summary 
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27023.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27023.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27023
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.60603
published_at 2026-04-16T12:55:00Z
1
value 0.00397
scoring_system epss
scoring_elements 0.60563
published_at 2026-04-13T12:55:00Z
2
value 0.00397
scoring_system epss
scoring_elements 0.60584
published_at 2026-04-12T12:55:00Z
3
value 0.00397
scoring_system epss
scoring_elements 0.60598
published_at 2026-04-11T12:55:00Z
4
value 0.00397
scoring_system epss
scoring_elements 0.60577
published_at 2026-04-09T12:55:00Z
5
value 0.00397
scoring_system epss
scoring_elements 0.60561
published_at 2026-04-08T12:55:00Z
6
value 0.00397
scoring_system epss
scoring_elements 0.60512
published_at 2026-04-07T12:55:00Z
7
value 0.00397
scoring_system epss
scoring_elements 0.60543
published_at 2026-04-04T12:55:00Z
8
value 0.00397
scoring_system epss
scoring_elements 0.60516
published_at 2026-04-02T12:55:00Z
9
value 0.00397
scoring_system epss
scoring_elements 0.60441
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27023
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2023859
reference_id 2023859
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2023859
9
reference_url https://security.archlinux.org/AVG-2541
reference_id AVG-2541
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2541
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27023
reference_id CVE-2021-27023
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27023
11
reference_url https://puppet.com/security/cve/CVE-2021-27023
reference_id CVE-2021-27023
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/CVE-2021-27023
12
reference_url https://github.com/advisories/GHSA-93j5-g845-9wqp
reference_id GHSA-93j5-g845-9wqp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93j5-g845-9wqp
13
reference_url https://access.redhat.com/errata/RHSA-2022:1478
reference_id RHSA-2022:1478
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1478
14
reference_url https://access.redhat.com/errata/RHSA-2022:1708
reference_id RHSA-2022:1708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1708
15
reference_url https://access.redhat.com/errata/RHSA-2022:4866
reference_id RHSA-2022:4866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4866
16
reference_url https://access.redhat.com/errata/RHSA-2022:4867
reference_id RHSA-2022:4867
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4867
fixed_packages
0
url pkg:deb/debian/puppetserver@0?distro=trixie
purl pkg:deb/debian/puppetserver@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie
1
url pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie
3
url pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie
aliases CVE-2021-27023, GHSA-93j5-g845-9wqp
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdsk-m9ye-z3a4
6
url VCID-ugqt-zyga-1ydy
vulnerability_id VCID-ugqt-zyga-1ydy
summary puppet: puppet server and puppetDB may leak sensitive information via metrics API
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7943.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7943.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7943
reference_id
reference_type
scores
0
value 0.65366
scoring_system epss
scoring_elements 0.98474
published_at 2026-04-01T12:55:00Z
1
value 0.65366
scoring_system epss
scoring_elements 0.98493
published_at 2026-04-16T12:55:00Z
2
value 0.65366
scoring_system epss
scoring_elements 0.98485
published_at 2026-04-09T12:55:00Z
3
value 0.65366
scoring_system epss
scoring_elements 0.98488
published_at 2026-04-11T12:55:00Z
4
value 0.65366
scoring_system epss
scoring_elements 0.98487
published_at 2026-04-13T12:55:00Z
5
value 0.65366
scoring_system epss
scoring_elements 0.98475
published_at 2026-04-02T12:55:00Z
6
value 0.65366
scoring_system epss
scoring_elements 0.98479
published_at 2026-04-04T12:55:00Z
7
value 0.65366
scoring_system epss
scoring_elements 0.9848
published_at 2026-04-07T12:55:00Z
8
value 0.65366
scoring_system epss
scoring_elements 0.98483
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7943
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://puppet.com/security/cve/CVE-2020-7943/
reference_id
reference_type
scores
url https://puppet.com/security/cve/CVE-2020-7943/
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1828486
reference_id 1828486
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1828486
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7943
reference_id CVE-2020-7943
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2020-7943
9
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
fixed_packages
0
url pkg:deb/debian/puppetserver@0?distro=trixie
purl pkg:deb/debian/puppetserver@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie
1
url pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie
3
url pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie
aliases CVE-2020-7943
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ugqt-zyga-1ydy
7
url VCID-wctw-qqds-f7en
vulnerability_id VCID-wctw-qqds-f7en
summary Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.
references
0
reference_url http://puppetlabs.com/security/cve/cve-2014-7170
reference_id
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2014-7170
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7170
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13223
published_at 2026-04-16T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.13336
published_at 2026-04-01T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13438
published_at 2026-04-02T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.13503
published_at 2026-04-04T12:55:00Z
4
value 0.00044
scoring_system epss
scoring_elements 0.13296
published_at 2026-04-07T12:55:00Z
5
value 0.00044
scoring_system epss
scoring_elements 0.13379
published_at 2026-04-08T12:55:00Z
6
value 0.00044
scoring_system epss
scoring_elements 0.13429
published_at 2026-04-09T12:55:00Z
7
value 0.00044
scoring_system epss
scoring_elements 0.134
published_at 2026-04-11T12:55:00Z
8
value 0.00044
scoring_system epss
scoring_elements 0.13365
published_at 2026-04-12T12:55:00Z
9
value 0.00044
scoring_system epss
scoring_elements 0.13318
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7170
2
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:0.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_server:0.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:0.2.0:*:*:*:*:*:*:*
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7170
reference_id CVE-2014-7170
reference_type
scores
0
value 1.9
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:P/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2014-7170
fixed_packages
0
url pkg:deb/debian/puppetserver@0?distro=trixie
purl pkg:deb/debian/puppetserver@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie
1
url pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie
3
url pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie
aliases CVE-2014-7170
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wctw-qqds-f7en
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie