RSS   Podatności dla 'Puppet agent'   RSS

2021-11-18
 
CVE-2021-27023

NVD-CWE-noinfo
 

 
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

 
 
CVE-2021-27025

NVD-CWE-noinfo
 

 
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.

 
2019-11-29
 
CVE-2015-1855

CWE-20
 

 
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.

 

 >>> Vendor: Puppet 19 Produkty
Discovery
Enterprise
Firewall
Puppet
Puppet enterprise
Puppet dashboard
Mcollective
Facter
Hiera
Puppet server
Stdlib
Puppet agent
Puppetlabs-apache
Chloride
Marionette collective
Continuous delivery
Puppetdb
Remediate
Puppet connect


Copyright 2024, cxsecurity.com

 

Back to Top