>= 4.0.0, < 4.4.2
>= 7.0.0, < 7.12.1
MEDIUM6.5CVE-2021-27023Unsafe HTTP Redirect in Puppet Agent and Puppet Server >= 7.0.0, < 7.12.1
MEDIUM6.5Improper Certificate Validation in Puppet
>= 6.0.0, < 6.13.0
MEDIUM5.5Tarball permission preservation in puppet
from 0, < 4.10.10
—Puppet does not properly restrict access to node resources
>= 2.6.0, < 2.6.4
—Puppet uses predictable filenames, allowing arbitrary file overwrite
>= 2.7.0, < 2.7.5
—Puppet arbitrary file overwrite
>= 2.7.0, < 2.7.5
—Puppet allows local users to modify the permissions of arbitrary files
>= 2.7.0, < 2.7.5
—puppet - several
>= 2.6, < 2.6.15
—Puppet Arbitrary Command Execution
>= 2.6.0, < 2.6.15
—Puppet Denial of Service and Arbitrary File Write
>= 2.6.0, < 2.6.15
—puppet - several
>= 2.6, < 2.6.14
—Puppet arbitrary files overwrite via a symlink attack
>= 0.24.0, < 0.24.9
—Puppet allows local users to overwrite arbitrary files via a symlink attack
>= 2.7.1, < 2.7.13
—Puppet supports use of IP addresses in certnames without warning of potential risks
from 0, < 2.7.18
—puppet - several
>= 2.7.0, < 2.7.23
—puppet - code execution
>= 2.7.0, < 2.7.22
—Puppet allows local users to obtain sensitive configuration information
>= 2.7.0, < 2.7.18
—Puppet vulnerable to Path Traversal
from 0, < 2.6.17
—Pupper does not properly restrict characters in Common Name field of Certificate Signing Request
from 0, < 2.6.17
—Puppet Improper Input Validation vulnerability
>= 2.7.0, < 2.7.21
—facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability
from 0, < 2.7.26