Search CVE reports


1 – 10 of 80 results


CVE-2023-5255

Medium priority
Needs evaluation

For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.

1 affected package

puppet

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| puppet | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-1894

Medium priority
Needs evaluation

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.

2 affected packages

puppet, puppetserver

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| puppet | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| puppetserver | Needs evaluation | Not in release | Not in release | Not in release | Ignored |

CVE-2022-3276

Medium priority
Needs evaluation

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare...

1 affected package

puppet-module-puppetlabs-mysql

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| puppet-module-puppetlabs-mysql | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-3275

Medium priority
Needs evaluation

Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in...

1 affected package

puppet-module-puppetlabs-apt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| puppet-module-puppetlabs-apt | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-0675

Medium priority
Needs evaluation

In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave...

1 affected package

puppet-module-puppetlabs-firewall

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| puppet-module-puppetlabs-firewall | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2021-27025

Medium priority
Needs evaluation

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.

1 affected package

puppet

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| puppet | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2021-27023

Medium priority
Needs evaluation

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.

1 affected package

puppet

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| puppet | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2021-27022

Low priority
Needs evaluation

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).

1 affected package

puppet

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| puppet | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2021-27020

Medium priority
Needs evaluation

Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.

1 affected package

puppet

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| puppet | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2021-27019

Medium priority
Needs evaluation

PuppetDB logging included potentially sensitive system information.

1 affected package

puppetdb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| puppetdb | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |