Vulnerabilities (CVE)

Filtered by vendor Puppet Subscribe

Filtered by product Puppet Server

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-27023	2 Fedoraproject, Puppet	4 Fedora, Puppet Agent, Puppet Enterprise and 1 more	2022-01-24	5.0 MEDIUM	9.8 CRITICAL
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
CVE-2016-2785	1 Puppet	3 Puppet, Puppet Agent, Puppet Server	2021-09-09	7.5 HIGH	9.8 CRITICAL
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.