puppet

Vendor: puppet

Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 0
Total RCEs (Remote Access): 7
Total CVEs (Total Indexed): 327
Avg. EPSS (Exploit Prob.): 0.67%
Latest CVE: CVE-2021-27026 (Nov 18)

Security Vulnerability Index

CVSS: 5.0

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write an X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, or (2) the CN in the Subject of a CSR in 2.6 and 0.25.

EPSS: 0.43%
CVSS: 3.3

Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.

EPSS: 0.03%