Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/936018?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/936018?format=api", "purl": "pkg:deb/debian/puppetserver@0?distro=trixie", "type": "deb", "namespace": "debian", "name": "puppetserver", "version": "0", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "7.9.5-2", "latest_non_vulnerable_version": "8.7.0-6", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/334368?format=api", "vulnerability_id": "VCID-ctnu-wcs1-dfa2", "summary": "A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25565", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25601", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25373", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25442", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.2549", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25502", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26766", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26773", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00097", 
"scoring_system": "epss", "scoring_elements": "0.26823", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5459" }, { "reference_url": "https://portal.perforce.com/s/detail/a91PA000001SiDdYAK", "reference_id": "a91PA000001SiDdYAK", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-26T13:30:51Z/" } ], "url": "https://portal.perforce.com/s/detail/a91PA000001SiDdYAK" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936018?format=api", "purl": "pkg:deb/debian/puppetserver@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936017?format=api", "purl": "pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936020?format=api", "purl": "pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936019?format=api", "purl": "pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-5459" ], "risk_score": null, "exploitability": 
null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ctnu-wcs1-dfa2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/309066?format=api", "vulnerability_id": "VCID-huc8-7hdd-ukam", "summary": "In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account. This has been fixed in Puppet Enterprise version 2025.6, and release notes for 2025.6 have remediation steps for users of affected versions who can't update to the latest version.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09714", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09832", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09804", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09853", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09753", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09825", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09877", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09884", "published_at": 
"2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09848", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10360" }, { "reference_url": "https://portal.perforce.com/s/cve/a91PA000001Smp7YAC/insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255", "reference_id": "insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T16:11:54Z/" } ], "url": "https://portal.perforce.com/s/cve/a91PA000001Smp7YAC/insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936018?format=api", "purl": "pkg:deb/debian/puppetserver@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936017?format=api", "purl": "pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936020?format=api", "purl": "pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936019?format=api", "purl": "pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-10360" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-huc8-7hdd-ukam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15327?format=api", "vulnerability_id": "VCID-pj4s-vjbb-u7h7", "summary": "Improper Access Control\nPuppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2785.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2785.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38122", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38229", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38182", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38206", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38242", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38223", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38214", "published_at": "2026-04-08T12:55:00Z" }, { "value": 
"0.0017", "scoring_system": "epss", "scoring_elements": "0.38164", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38296", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38273", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2785" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/6592a8166572e5f1b7d058474059b8519ec81387", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/6592a8166572e5f1b7d058474059b8519ec81387" }, { "reference_url": "https://github.com/puppetlabs/puppet/commits/4.4.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commits/4.4.2" }, { "reference_url": 
"https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2" }, { "reference_url": "https://security.gentoo.org/glsa/201606-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201606-02" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2016-2785-incorrect-url-decoding", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2016-2785-incorrect-url-decoding" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331024", "reference_id": "1331024", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331024" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.0.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.2:*:*:*:*:*:*:*" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:4.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_agent:1.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.0:*:*:*:*:*:*:*" }, { 
"reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:2.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:2.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:2.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2785", "reference_id": "CVE-2016-2785", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2785" }, { "reference_url": "https://puppet.com/security/cve/cve-2016-2785", "reference_id": "CVE-2016-2785", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2016-2785" }, { "reference_url": "https://github.com/advisories/GHSA-pqj5-7r86-64fv", "reference_id": "GHSA-pqj5-7r86-64fv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pqj5-7r86-64fv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936018?format=api", "purl": "pkg:deb/debian/puppetserver@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936017?format=api", "purl": "pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/936020?format=api", "purl": "pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936019?format=api", "purl": "pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2785", "GHSA-pqj5-7r86-64fv" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pj4s-vjbb-u7h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78046?format=api", "vulnerability_id": "VCID-prfa-kwxa-hya6", "summary": "puppet: Denial of Service for Revocation of Auto Renewed Certificates", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5255.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5255.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5255", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33504", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33378", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33537", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33422", "published_at": 
"2026-04-08T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33457", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.3346", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33419", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35529", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35489", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5255" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242146", "reference_id": "2242146", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242146" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936018?format=api", "purl": "pkg:deb/debian/puppetserver@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936017?format=api", "purl": "pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936020?format=api", "purl": 
"pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936019?format=api", "purl": "pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-5255" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-prfa-kwxa-hya6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11674?format=api", "vulnerability_id": "VCID-qdsk-m9ye-z3a4", "summary": "Unsafe HTTP Redirect in Puppet Agent and Puppet Server\nA flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. 
This is similar to CVE-2018-1000007", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27023.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60603", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60563", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60584", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60598", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60577", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60561", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60512", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60543", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60516", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60441", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023859", "reference_id": "2023859", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023859" }, { "reference_url": "https://security.archlinux.org/AVG-2541", "reference_id": "AVG-2541", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2541" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27023", "reference_id": "CVE-2021-27023", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27023" }, { "reference_url": "https://puppet.com/security/cve/CVE-2021-27023", "reference_id": "CVE-2021-27023", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/CVE-2021-27023" }, { "reference_url": "https://github.com/advisories/GHSA-93j5-g845-9wqp", "reference_id": "GHSA-93j5-g845-9wqp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93j5-g845-9wqp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1478", "reference_id": "RHSA-2022:1478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1478" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2022:1708", "reference_id": "RHSA-2022:1708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4866", "reference_id": "RHSA-2022:4866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4867", "reference_id": "RHSA-2022:4867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4867" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936018?format=api", "purl": "pkg:deb/debian/puppetserver@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936017?format=api", "purl": "pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936020?format=api", "purl": "pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936019?format=api", "purl": "pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-27023", "GHSA-93j5-g845-9wqp" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qdsk-m9ye-z3a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81521?format=api", "vulnerability_id": "VCID-ugqt-zyga-1ydy", "summary": "puppet: puppet server and puppetDB may leak sensitive information via metrics API", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7943.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7943.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98474", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98493", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98485", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98488", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98487", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98475", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98479", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.9848", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.65366", "scoring_system": "epss", "scoring_elements": "0.98483", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7943" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://puppet.com/security/cve/CVE-2020-7943/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/CVE-2020-7943/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828486", "reference_id": "1828486", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828486" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7943", "reference_id": 
"CVE-2020-7943", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4366", "reference_id": "RHSA-2020:4366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936018?format=api", "purl": "pkg:deb/debian/puppetserver@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936017?format=api", "purl": "pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936020?format=api", "purl": "pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936019?format=api", "purl": "pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-7943" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugqt-zyga-1ydy" }, 
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151141?format=api", "vulnerability_id": "VCID-wctw-qqds-f7en", "summary": "Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.", "references": [ { "reference_url": "http://puppetlabs.com/security/cve/cve-2014-7170", "reference_id": "", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2014-7170" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13223", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13336", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13438", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13503", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13296", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13379", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13429", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.134", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13365", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13318", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7170" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:0.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_server:0.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:0.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7170", "reference_id": "CVE-2014-7170", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7170" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936018?format=api", "purl": "pkg:deb/debian/puppetserver@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936017?format=api", "purl": "pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936020?format=api", "purl": "pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936019?format=api", "purl": "pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-7170" ], 
"risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wctw-qqds-f7en" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie" }