The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPuppet Pe Razor Server
APPPuppet< 1.9.0.0Puppet Enterprise
APPPuppet2018.1.0 – 2018.1.1 (bez)Puppet Razor Server
APPPuppet< 1.9.0.0
Related vulnerabilities
A privilege escalation allowing remote code execution was discovered in the orchestration service.
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when fol...
The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end ...
When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via p...
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arb...