The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Puppet Labs Puppet

computer threat bulletin CVE-2018-11746

Puppet Discovery: information disclosure via HTTP Basic Auth

Synthesis of the vulnerability

An attacker can use a vulnerability via HTTP Basic Auth of Puppet Discovery, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 03/07/2018.
Identifiers: CVE-2018-11746, VIGILANCE-VUL-26606.

Description of the vulnerability

The Puppet Discovery product offers a web service.

However, an attacker can read the password sent via HTTP Basic Auth if the session does not use HTTPS.

An attacker can therefore use a vulnerability via HTTP Basic Auth of Puppet Discovery, in order to obtain sensitive information.

vulnerability CVE-2018-1000201

Puppet: executing DLL code

Synthesis of the vulnerability

An attacker can create a malicious DLL, and then put it in the current directory of Puppet, in order to execute code.
Severity: 2/4.
Creation date: 27/06/2018.
Identifiers: CVE-2018-1000201, VIGILANCE-VUL-26558.

computer vulnerability bulletin CVE-2018-12536

Eclipse Jetty: information disclosure via InvalidPathException Message

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via InvalidPathException Message of Eclipse Jetty, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 26/06/2018.
Identifiers: 1103493, CVE-2018-12536, NTAP-20181014-0001, VIGILANCE-VUL-26536.

vulnerability alert CVE-2017-7658

Eclipse Jetty: information disclosure via Double Content-Length

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Double Content-Length of Eclipse Jetty, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 26/06/2018.
Identifiers: 1103493, CVE-2017-7658, DSA-4278-1, FEDORA-2018-48b73ed393, FEDORA-2018-93a507fd0f, NTAP-20181014-0001, VIGILANCE-VUL-26535.

security vulnerability CVE-2017-7657

Eclipse Jetty: information disclosure via Transfer-Encoding Request Smuggling

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Transfer-Encoding Request Smuggling of Eclipse Jetty, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 26/06/2018.
Identifiers: 1103493, CVE-2017-7657, DSA-4278-1, FEDORA-2018-48b73ed393, FEDORA-2018-93a507fd0f, NTAP-20181014-0001, VIGILANCE-VUL-26534.

threat alert CVE-2017-7656

Eclipse Jetty: information disclosure via HTTP/0.9 Request Smuggling

Synthesis of the vulnerability

An attacker can use a vulnerability via HTTP/0.9 Request Smuggling of Eclipse Jetty, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 26/06/2018.
Identifiers: 1103493, CVE-2017-7656, DSA-4278-1, FEDORA-2018-48b73ed393, FEDORA-2018-93a507fd0f, NTAP-20181014-0001, VIGILANCE-VUL-26533.

Description of the vulnerability

The Eclipse Jetty product offers a web service.

However, an attacker can bypass access restrictions to data.

An attacker can therefore use a vulnerability via HTTP/0.9 Request Smuggling of Eclipse Jetty, in order to obtain sensitive information.

security weakness CVE-2018-12538

Eclipse Jetty: privilege escalation via FileSessionDataStore

Synthesis of the vulnerability

An attacker can bypass restrictions via FileSessionDataStore of Eclipse Jetty, in order to escalate his privileges.
Severity: 2/4.
Creation date: 25/06/2018.
Identifiers: 536018, CVE-2018-12538, NTAP-20181014-0001, VIGILANCE-VUL-26512.

vulnerability bulletin CVE-2018-6516

Puppet: privilege escalation via PE Client Tools

Synthesis of the vulnerability

An attacker can bypass restrictions via PE Client Tools of Puppet, in order to escalate his privileges.
Severity: 2/4.
Creation date: 08/06/2018.
Identifiers: CVE-2018-6516, VIGILANCE-VUL-26363.

computer weakness alert CVE-2018-6515

Puppet Agent: privilege escalation via pxp-agent

Synthesis of the vulnerability

An attacker can bypass restrictions via pxp-agent of Puppet Agent, in order to escalate his privileges.
Severity: 2/4.
Creation date: 08/06/2018.
Identifiers: CVE-2018-6515, VIGILANCE-VUL-26362.

computer weakness bulletin CVE-2018-6514

Puppet Agent: privilege escalation via Shared Libraries

Synthesis of the vulnerability

An attacker can bypass restrictions via Shared Libraries of Puppet Agent, in order to escalate his privileges.
Severity: 2/4.
Creation date: 08/06/2018.
Identifiers: CVE-2018-6514, VIGILANCE-VUL-26361.