FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3bd3c9f8-41ee-11ec-9bac-589cfc007716puppet -- Unsafe HTTP Redirect

Puppet reports:

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.


Discovery 2021-11-09
Entry 2021-11-10
puppet6
lt 6.25.1

puppet7
lt 7.12.1

puppetserver6
lt 6.17.1

puppetserver7
lt 7.4.2

CVE-2021-27023
https://puppet.com/security/cve/cve-2021-27023
36def7ba-6d2b-11ea-b115-643150d3111dpuppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API

Puppetlabs reports:

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network.

PE 2018.1.13 & 2019.4.0, Puppet Server 6.9.1 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default.


Discovery 2020-03-10
Entry 2020-03-23
puppetdb5
lt 5.2.13

puppetdb6
lt 6.9.1

puppetserver5
lt 5.3.12

puppetserver6
lt 6.9.2

CVE-2020-7943
https://puppet.com/security/cve/CVE-2020-7943/