Puppet Enterprise
Approved changes feed: RSS · Atom
cpe:2.3:a:perforce:puppet_enterprise:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Perforce (b6773f0f-3a72-52f1-9555-ff325a988421) |
|---|---|
| Product | Puppet Enterprise (f96b3a32-f05d-574b-8e2e-53f13faf26a2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-5459 |
vulnerable | 2026-06-03 15:07:53.648911 |
OS Command Injection
A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.
Published: 2025-06-26T06:30:56.546Z
Updated: 2025-07-03T09:25:04.719Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10360 |
vulnerable | 2026-06-03 14:58:34.021017 |
Insufficiently Protected Credentials in Puppet Enterprise 2025.4 and 2025.5
In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account. This has been fixed in Puppet Enterprise version 2025.6, and release notes for 2025.6 have remediation steps for users of affected versions who can't update to the latest version.
Published: 2025-09-24T15:49:47.210Z
Updated: 2025-09-24T16:12:48.979Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.