Puppet

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*

part: a version: * update: *

VendorPuppetlabs (e023c4c9-4ef3-5dfc-811f-40b125d813f1)
ProductPuppet (f85421cc-fb88-5f61-ac25-5034f11e702a)
Edition*
Language*
Software editionenterprise
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:deb/debian/puppet purl2cpe 2026-06-01 10:11:47.126826
pkg:deb/ubuntu/puppet purl2cpe 2026-06-01 10:11:47.126828
pkg:gem/puppet purl2cpe 2026-06-01 10:11:47.126829
pkg:github/puppetlabs/puppet purl2cpe 2026-06-01 10:11:47.126830
pkg:rpm/fedora/puppet purl2cpe 2026-06-01 10:11:47.126832
pkg:rpm/opensuse/puppet purl2cpe 2026-06-01 10:11:47.126833

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2013-2275 vulnerable 2026-06-03 14:33:00.539471 Details available
The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.
Published: 2013-03-20T16:00:00.000Z
Updated: 2024-08-06T15:27:41.177Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-1652 vulnerable 2026-06-03 14:32:50.679770 Details available
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.
Published: 2013-03-20T16:00:00.000Z
Updated: 2024-08-06T15:13:31.710Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.