Puppet » Puppet Enterprise : Security Vulnerabilities, CVEs, (Overflow)

CVE-2018-6508

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.
Max CVSS
8.0
EPSS Score
0.90%
Published
2018-02-09
Updated
2022-01-24

CVE-2017-7529

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
Max CVSS
7.5
EPSS Score
96.28%
Published
2017-07-13
Updated
2022-01-24

CVE-2016-5716

The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.
Max CVSS
8.8
EPSS Score
0.37%
Published
2017-08-09
Updated
2019-07-10
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close