GCVE - cpe:2.3:a:puppet:puppet_enterprise:1.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:puppet:puppet_enterprise:1.0:*:*:*:*:*:*:*

part: a version: 1.0 update: *

Vendor	Puppet (`056a1ba3-12b3-5ecf-a97f-ab3b403c7816`)
Product	Puppet Enterprise (`f0f1d1ad-3d9e-59c3-8dee-09d0423ff49c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/puppetlabs/puppet`	purl2cpe	2026-06-01 10:14:37.329911

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-4963`	vulnerable	2026-06-03 14:33:20.157095	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact. Published: 2014-03-14T16:00:00.000Z Updated: 2024-08-06T16:59:41.266Z Open on db.gcve.eu Reference links http://puppetlabs.com/security/cve/cve-2013-4963	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-3567`	vulnerable	2026-06-03 14:33:07.762337	Details available Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. Published: 2013-08-19T23:00:00.000Z Updated: 2024-08-06T16:14:56.276Z Open on db.gcve.eu Reference links http://secunia.com/advisories/54429 http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html http://www.debian.org/security/2013/dsa-2715 http://www.ubuntu.com/usn/USN-1886-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1988`	vulnerable	2026-06-03 14:31:45.845464	Details available Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request. Published: 2012-05-29T20:00:00.000Z Updated: 2024-08-06T19:17:27.716Z Open on db.gcve.eu Reference links http://www.osvdb.org/81309 http://ubuntu.com/usn/usn-1419-1 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html http://puppetlabs.com/security/cve/cve-2012-1988/ http://projects.puppetlabs.com/issues/13518	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-0891`	vulnerable	2026-06-03 14:31:40.209729	Details available Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields. Published: 2014-03-14T16:00:00.000Z Updated: 2024-08-06T18:38:15.060Z Open on db.gcve.eu Reference links http://puppetlabs.com/security/cve/cve-2012-0891	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.