Puppet 5.3.4

CPE Details

Puppet 5.3.4
puppet
puppet
5.3.4
2019-10-21
19h26 +00:00
2019-10-21
19h26 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:puppet:puppet:5.3.4:*:*:*:*:*:*:*

Informations

Vendor

puppet

Product

puppet

Version

5.3.4

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-27021 2021-07-20 08h44 +00:00 A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
8.8
Haute
CVE-2018-6513 2018-06-11 20h00 +00:00 Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. This was possible through the loading of shared libraries from untrusted paths.
8.8
Haute
CVE-2018-6514 2018-06-11 20h00 +00:00 In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.
7.8
Haute
CVE-2018-6515 2018-06-11 20h00 +00:00 Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.
7.8
Haute