📦 Puppet Enterprise

CVE-2023-2530 is a critical privilege escalation vulnerability in Puppet's orchestration service that allows authenticated users to execute arbitrary code with elevated privileges. This affects organi...

This vulnerability in Puppet Agent and Puppet Server allows HTTP credentials to be leaked when following redirects to different hosts. Attackers could intercept authentication tokens or credentials du...

This vulnerability allows authenticated users with node group editing permissions in Puppet Enterprise to execute arbitrary commands as root on the primary host by exploiting improper neutralization o...

CVE-2021-27020 is a CSV injection vulnerability in Puppet Enterprise where user input wasn't properly sanitized during CSV export operations. This allows attackers to inject malicious formulas or comm...