
cpe:2.3:a:puppet:puppet_enterprise:2017.1.0:*:*:*:*:*:*:*

part: a version: 2017.1.0 update: *

Vendor: Puppet (056a1ba3-12b3-5ecf-a97f-ab3b403c7816)
Product: Puppet Enterprise (f0f1d1ad-3d9e-59c3-8dee-09d0423ff49c)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:github/puppetlabs/puppet | purl2cpe | 2026-06-01 10:14:37.329965

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2017-2297 vulnerable 2026-06-03 14:37:07.222546 Details available
Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens.
Published: 2018-02-01T22:00:00.000Z
Updated: 2024-09-17T00:56:12.336Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-2296 vulnerable 2026-06-03 14:37:07.221020 Details available
In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2.
Published: 2018-02-01T22:00:00.000Z
Updated: 2024-09-17T03:48:29.424Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-2294 vulnerable 2026-06-03 14:37:07.217812 Details available
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore.
Published: 2017-07-05T15:00:00.000Z
Updated: 2024-09-17T02:20:34.679Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-2293 vulnerable 2026-06-03 14:37:07.216858 Details available
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy.
Published: 2018-02-01T22:00:00.000Z
Updated: 2024-09-16T17:33:31.679Z
Imported from gcve-enriched-dumps CVE data
