Vendor Dictionary: Puppet Labs

Puppet Labs

Short Name:	[None Entered]
Previous Names:	[None Entered]
URL:	[None Entered]
Email:	[None Entered]
Security URL:	[None Entered]
Security Email:	[None Entered]
Knowledge Base:	[None Entered]
Notes:	[No Notes]

Vulnerabilities by Vendor Product

Puppet Labs

Puppet Labs

Puppet: 2.6.3; OSVDB ID: 70684 Puppet Missing auth.conf Cross-node Authentication Bypass Resource Modification; 2.6.14; OSVDB ID: 81309 Puppet File Bucket Request Parsing Arbitrary Shell Command Execution; OSVDB ID: 81307 Puppet Remote Filebucket REST Request Parsing Symlink Arbitrary File Access; OSVDB ID: 81308 Puppet Marshalled Puppet::FileBucket::File Object REST Request Parsing Remote DoS; OSVDB ID: 81306 Puppet Mac OS X Package Installation Temporary File Symlink Arbitrary File Overwrite; 2.7.12; OSVDB ID: 81310 Puppet NET::Telnet Connection Output Log Creation Symlink Arbitrary File Overwrite; OSVDB ID: 81309 Puppet File Bucket Request Parsing Arbitrary Shell Command Execution; OSVDB ID: 81307 Puppet Remote Filebucket REST Request Parsing Symlink Arbitrary File Access; OSVDB ID: 81308 Puppet Marshalled Puppet::FileBucket::File Object REST Request Parsing Remote DoS; OSVDB ID: 81306 Puppet Mac OS X Package Installation Temporary File Symlink Arbitrary File Overwrite; 2.6.14; 2.7.12; 2.6.14; 2.7.12; 2.6.14; 2.7.12; 2.7.12; 2.7.17; OSVDB ID: 83692 Puppet Last Run Report Permission Weakness Local Information Disclosure; OSVDB ID: 84866 Puppet lib/puppet/network/authstore.rb Certname IP Address Remote Agent Spoofing Weakness; OSVDB ID: 83693 Puppet Certificate Signing Mechanism Text Order Manipulation; OSVDB ID: 83694 Puppet HTTP Request Parsing Arbitrary File Disclosure; OSVDB ID: 83695 Puppet Delete Request Parsing Arbitrary File Deletion; 2.6.16; OSVDB ID: 84866 Puppet lib/puppet/network/authstore.rb Certname IP Address Remote Agent Spoofing Weakness; OSVDB ID: 83693 Puppet Certificate Signing Mechanism Text Order Manipulation; OSVDB ID: 83694 Puppet HTTP Request Parsing Arbitrary File Disclosure; OSVDB ID: 83695 Puppet Delete Request Parsing Arbitrary File Deletion; 2.7.17; 2.6.16; 2.7.17; 2.6.16; 2.7.17; 2.7.17; 2.6.16; 2.6.13; OSVDB ID: 79495 Puppet Forked Process Group Permission Dropping Weakness Local Group Privilege Escalation; OSVDB ID: 79496 Puppet k5login File Symlink File Overwrite Local Privilege Escalation; 2.7.10; OSVDB ID: 79496 Puppet k5login File Symlink File Overwrite Local Privilege Escalation; 2.7.10; OSVDB ID: 79495 Puppet Forked Process Group Permission Dropping Weakness Local Group Privilege Escalation; 2.7.14; OSVDB ID: 87905 Puppet Forge Module Untar UID/GID File Ownership Weakness; 0.25.0; OSVDB ID: 87909 Puppet CA Certificate Server / Client Cross-agent Signing Weakness; 0.25.3; OSVDB ID: 87909 Puppet CA Certificate Server / Client Cross-agent Signing Weakness; Unspecified; OSVDB ID: 87962 Puppet Firewall Module (puppetlabs-firewall) Default Protocol Resource Weakness; 0.24.4; OSVDB ID: 88205 Puppet Common Filebucket Cross-VPS Instance File Disclosure; 0.24.4; OSVDB ID: 88213 Puppet exec Type Shell Metacharacter Handling Command Injection; 0.25.4; OSVDB ID: 88217 Puppet resource.rb User Group Assignment Privilege Escalation Weakness; 0.25.5; OSVDB ID: 88218 Puppet New File Creation Ownership Weakness; 2.6.2; OSVDB ID: 88219 Puppet puppetd CA Validation Failure Unauthorized MiTM Master Code Execution; 2.6.4; OSVDB ID: 88220 Puppet puppet-agent Log File User Password Plaintext Local Disclosure; Unspecified; OSVDB ID: 88223 Puppet File Manipulation Insecure MD5 File Checksum Weakness; Unspecified; OSVDB ID: 88321 Puppet suidmanager.rb Puppet::Util::SUIDManager Supplementary Groups Real GID Inclusion; 2.6.3; OSVDB ID: 88497 Puppet External Program Call Path Subversion Local Privilege Escalation; 2.6.7; OSVDB ID: 88497 Puppet External Program Call Path Subversion Local Privilege Escalation; 0.24.4; OSVDB ID: 88595 Puppet ca_key.pem / ca_crl.pem Certificate Files Permission Weakness Local Disclosure; 2.7.0; OSVDB ID: 90009 Puppet Multiple Function CSRF; 2.7.0; OSVDB ID: 90010 Puppet pe_mcollective Module Unspecified SSL Key Catalog Disclosure; 2.6.17; OSVDB ID: 91222 Puppet Master Catalog Compilation template ' inline_template Functions Remote Code Execution; OSVDB ID: 91223 Puppet Unspecified Remote Client Privilege Escalation; OSVDB ID: 91225 Puppet Crafted Report Request Remote Code Execution; OSVDB ID: 91226 Puppet Arbitrary Node Report Submission Weakness; 2.7.20; OSVDB ID: 91222 Puppet Master Catalog Compilation template ' inline_template Functions Remote Code Execution; OSVDB ID: 91223 Puppet Unspecified Remote Client Privilege Escalation; OSVDB ID: 91224 Puppet Master Unspecified Parameter Parsing Remote Code Execution; OSVDB ID: 91226 Puppet Arbitrary Node Report Submission Weakness; 3.1.0; OSVDB ID: 91222 Puppet Master Catalog Compilation template ' inline_template Functions Remote Code Execution; OSVDB ID: 91223 Puppet Unspecified Remote Client Privilege Escalation; OSVDB ID: 91228 Puppet run REST Endpoint Crafted HTTP Request Remote Code Execution; OSVDB ID: 91224 Puppet Master Unspecified Parameter Parsing Remote Code Execution; OSVDB ID: 91226 Puppet Arbitrary Node Report Submission Weakness; 2.6.17; 2.7.20; 3.1.0; 2.7.20; 3.1.0; 2.6.17; 2.6.17; 2.7.20; 3.1.0; 2.6.17; OSVDB ID: 91227 Puppet Client Negotiation SSLv2 Forced Downgrade Weakness; 2.7.20; OSVDB ID: 91227 Puppet Client Negotiation SSLv2 Forced Downgrade Weakness; 3.1.0; OSVDB ID: 91227 Puppet Client Negotiation SSLv2 Forced Downgrade Weakness; 2.7.20; OSVDB ID: 91228 Puppet run REST Endpoint Crafted HTTP Request Remote Code Execution; 3.1.0; 2.5.x; OSVDB ID: 91950 Puppet /etc/puppetlabs/console-auth/cas_client_config.yml Missing Randomized Secret Crafted Cookie Handling Authentication Bypass; 2.6.x; OSVDB ID: 91950 Puppet /etc/puppetlabs/console-auth/cas_client_config.yml Missing Randomized Secret Crafted Cookie Handling Authentication Bypass; 2.7.0; OSVDB ID: 91950 Puppet /etc/puppetlabs/console-auth/cas_client_config.yml Missing Randomized Secret Crafted Cookie Handling Authentication Bypass; 2.7.1; OSVDB ID: 91950 Puppet /etc/puppetlabs/console-auth/cas_client_config.yml Missing Randomized Secret Crafted Cookie Handling Authentication Bypass; 2.7.2; OSVDB ID: 91950 Puppet /etc/puppetlabs/console-auth/cas_client_config.yml Missing Randomized Secret Crafted Cookie Handling Authentication Bypass

Puppet Enterprise: 2.5.0; OSVDB ID: 81310 Puppet NET::Telnet Connection Output Log Creation Symlink Arbitrary File Overwrite; OSVDB ID: 81309 Puppet File Bucket Request Parsing Arbitrary Shell Command Execution; OSVDB ID: 81307 Puppet Remote Filebucket REST Request Parsing Symlink Arbitrary File Access; OSVDB ID: 81308 Puppet Marshalled Puppet::FileBucket::File Object REST Request Parsing Remote DoS; OSVDB ID: 81306 Puppet Mac OS X Package Installation Temporary File Symlink Arbitrary File Overwrite; 1.0; OSVDB ID: 79495 Puppet Forked Process Group Permission Dropping Weakness Local Group Privilege Escalation; OSVDB ID: 84561 Puppet Dashboard / Enterprise Multiple Unspecified Parameter XSS; OSVDB ID: 83693 Puppet Certificate Signing Mechanism Text Order Manipulation; OSVDB ID: 83694 Puppet HTTP Request Parsing Arbitrary File Disclosure; OSVDB ID: 83695 Puppet Delete Request Parsing Arbitrary File Deletion; OSVDB ID: 81309 Puppet File Bucket Request Parsing Arbitrary Shell Command Execution; OSVDB ID: 81307 Puppet Remote Filebucket REST Request Parsing Symlink Arbitrary File Access; OSVDB ID: 81308 Puppet Marshalled Puppet::FileBucket::File Object REST Request Parsing Remote DoS; OSVDB ID: 79496 Puppet k5login File Symlink File Overwrite Local Privilege Escalation; OSVDB ID: 81306 Puppet Mac OS X Package Installation Temporary File Symlink Arbitrary File Overwrite; 1.1; OSVDB ID: 79495 Puppet Forked Process Group Permission Dropping Weakness Local Group Privilege Escalation; OSVDB ID: 83693 Puppet Certificate Signing Mechanism Text Order Manipulation; OSVDB ID: 83694 Puppet HTTP Request Parsing Arbitrary File Disclosure; OSVDB ID: 83695 Puppet Delete Request Parsing Arbitrary File Deletion; OSVDB ID: 81309 Puppet File Bucket Request Parsing Arbitrary Shell Command Execution; OSVDB ID: 81307 Puppet Remote Filebucket REST Request Parsing Symlink Arbitrary File Access; OSVDB ID: 81308 Puppet Marshalled Puppet::FileBucket::File Object REST Request Parsing Remote DoS; OSVDB ID: 79496 Puppet k5login File Symlink File Overwrite Local Privilege Escalation; OSVDB ID: 81306 Puppet Mac OS X Package Installation Temporary File Symlink Arbitrary File Overwrite; 1.2.x; OSVDB ID: 81310 Puppet NET::Telnet Connection Output Log Creation Symlink Arbitrary File Overwrite; OSVDB ID: 79495 Puppet Forked Process Group Permission Dropping Weakness Local Group Privilege Escalation; OSVDB ID: 83693 Puppet Certificate Signing Mechanism Text Order Manipulation; OSVDB ID: 83694 Puppet HTTP Request Parsing Arbitrary File Disclosure; OSVDB ID: 83695 Puppet Delete Request Parsing Arbitrary File Deletion; OSVDB ID: 81309 Puppet File Bucket Request Parsing Arbitrary Shell Command Execution; OSVDB ID: 81307 Puppet Remote Filebucket REST Request Parsing Symlink Arbitrary File Access; OSVDB ID: 81308 Puppet Marshalled Puppet::FileBucket::File Object REST Request Parsing Remote DoS; OSVDB ID: 79496 Puppet k5login File Symlink File Overwrite Local Privilege Escalation; OSVDB ID: 81306 Puppet Mac OS X Package Installation Temporary File Symlink Arbitrary File Overwrite; 2.0.x; OSVDB ID: 81310 Puppet NET::Telnet Connection Output Log Creation Symlink Arbitrary File Overwrite; OSVDB ID: 84866 Puppet lib/puppet/network/authstore.rb Certname IP Address Remote Agent Spoofing Weakness; OSVDB ID: 83693 Puppet Certificate Signing Mechanism Text Order Manipulation; OSVDB ID: 83694 Puppet HTTP Request Parsing Arbitrary File Disclosure; OSVDB ID: 83695 Puppet Delete Request Parsing Arbitrary File Deletion; OSVDB ID: 81309 Puppet File Bucket Request Parsing Arbitrary Shell Command Execution; OSVDB ID: 81307 Puppet Remote Filebucket REST Request Parsing Symlink Arbitrary File Access; OSVDB ID: 81308 Puppet Marshalled Puppet::FileBucket::File Object REST Request Parsing Remote DoS; OSVDB ID: 81306 Puppet Mac OS X Package Installation Temporary File Symlink Arbitrary File Overwrite; 2.5.0; 1.0; 1.1; 1.2.x; 2.0.x; 2.5.0; 1.0; 1.1; 1.2.x; 2.0.x; 2.5.0; 1.0; 1.1; 1.2.x; 2.0.x; 2.5.0; 1.2.x; 2.0.x; 2.5.1; OSVDB ID: 83692 Puppet Last Run Report Permission Weakness Local Information Disclosure; OSVDB ID: 84866 Puppet lib/puppet/network/authstore.rb Certname IP Address Remote Agent Spoofing Weakness; OSVDB ID: 83693 Puppet Certificate Signing Mechanism Text Order Manipulation; OSVDB ID: 83694 Puppet HTTP Request Parsing Arbitrary File Disclosure; OSVDB ID: 83695 Puppet Delete Request Parsing Arbitrary File Deletion; 2.5.1; 1.0; 1.1; 1.2.x; 2.0.x; 2.5.1; 2.0.x; 1.1; 1.2.x; 1.0; 2.5.1; 2.0.x; 1.1; 1.2.x; 1.0; 1.0; 1.1; OSVDB ID: 84561 Puppet Dashboard / Enterprise Multiple Unspecified Parameter XSS; 1.2.x; OSVDB ID: 84561 Puppet Dashboard / Enterprise Multiple Unspecified Parameter XSS; 2.0.x; 2.5.1; 2.0.2; OSVDB ID: 79495 Puppet Forked Process Group Permission Dropping Weakness Local Group Privilege Escalation; OSVDB ID: 79496 Puppet k5login File Symlink File Overwrite Local Privilege Escalation; 2.0; OSVDB ID: 87959 Puppet Dashboard PE Console String Display Cleartext Password Disclosure; 1.2.6; OSVDB ID: 91222 Puppet Master Catalog Compilation template ' inline_template Functions Remote Code Execution; OSVDB ID: 91223 Puppet Unspecified Remote Client Privilege Escalation; OSVDB ID: 91225 Puppet Crafted Report Request Remote Code Execution; OSVDB ID: 91226 Puppet Arbitrary Node Report Submission Weakness; 2.7.1; OSVDB ID: 91222 Puppet Master Catalog Compilation template ' inline_template Functions Remote Code Execution; OSVDB ID: 91223 Puppet Unspecified Remote Client Privilege Escalation; OSVDB ID: 91226 Puppet Arbitrary Node Report Submission Weakness; 1.2.6; 2.7.1; 1.2.6; 1.2.6; 2.7.1; 1.2.6; OSVDB ID: 91227 Puppet Client Negotiation SSLv2 Forced Downgrade Weakness; 2.7.1; OSVDB ID: 91227 Puppet Client Negotiation SSLv2 Forced Downgrade Weakness; 2.7.1; OSVDB ID: 91228 Puppet run REST Endpoint Crafted HTTP Request Remote Code Execution; 2.6.0; OSVDB ID: 91262 Puppet Enterprise Session Secret Regeneration Current Session Termination Weakness

Marionette Collective: Unspecified; OSVDB ID: 87955 Marionette Collective (mcollective) Inventory Service EC2 Metadata Cleartext AWS Credential Disclosure

Facter: Unspecified; OSVDB ID: 87943 Facter Search Path Subversion Local Privilege Escalation

Puppet Standard Library: 2.1.x; OSVDB ID: 87898 Puppet Standard Library (stdlib) facter_dot_d.rb /tmp/facts_cache.yml Symlink Arbitrary File Overwrite

Puppet Dashboard: 1.0; OSVDB ID: 84561 Puppet Dashboard / Enterprise Multiple Unspecified Parameter XSS; 1.2.4; OSVDB ID: 84561 Puppet Dashboard / Enterprise Multiple Unspecified Parameter XSS

Puppet Forge: Unspecified; OSVDB ID: 87938 Puppet Forge Arbitrary User Module / Content Remote Manipulation; Unspecified; OSVDB ID: 87939 Puppet Forge Views / Markup Multiple Field XSS

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.