Ruby/puppet/3.4.0.rc1


Puppet, an automated administrative engine for your Linux, Unix, and Windows systems, performs administrative tasks (such as adding users, installing packages, and updating server configurations) based on a centralized specification.

https://rubygems.org/gems/puppet
UNKNOWN

11 Security Vulnerabilities

facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability

Published date: 2017-10-24T18:33:36Z
CVE: CVE-2014-3248
Links:

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.

Affected versions: ["3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2"]
Secure versions: [7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0, 8.7.0, 7.31.0, 8.8.1, 7.32.1, 8.3.0, 8.9.0, 7.33.0, 8.10.0, 7.34.0]
Recommendation: Update to version 8.10.0.

Unsafe HTTP Redirect in Puppet Agent and Puppet Server

Published date: 2021-12-02T17:52:45Z
CVE: CVE-2021-27023
Links:

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

Affected versions: ["6.19.1", "6.19.0", "6.18.0", "6.17.0", "6.16.0", "6.15.0", "6.14.0", "6.13.0", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.5.22", "5.5.21", "5.5.20", "5.5.19", "5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "6.20.0", "6.21.0", "6.21.1", "6.22.1", "6.23.0", "6.24.0", "6.25.0", "7.0.0", "7.1.0", "7.3.0", "7.4.0", "7.4.1", "7.5.0", "7.6.1", "7.7.0", "7.8.0", "7.9.0", "7.10.0", "7.11.0", "7.12.0"]
Secure versions: [7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0, 8.7.0, 7.31.0, 8.8.1, 7.32.1, 8.3.0, 8.9.0, 7.33.0, 8.10.0, 7.34.0]
Recommendation: Update to version 8.10.0.

Improper Certificate Validation in Puppet

Published date: 2021-04-13T15:42:19Z
CVE: CVE-2020-7942
Links:

Previously, Puppet operated on the model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting strict_hostname_checking = true in puppet.conf on your Puppet master. Puppet 6.13.0 changes the default behavior for stricthostnamechecking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set stricthostnamechecking to true to ensure secure behavior.

Affected versions: ["5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0"]
Secure versions: [7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0, 8.7.0, 7.31.0, 8.8.1, 7.32.1, 8.3.0, 8.9.0, 7.33.0, 8.10.0, 7.34.0]
Recommendation: Update to version 8.10.0.

Silent Configuration Failure in Puppet Agent

Published date: 2021-12-02T17:54:25Z
CVE: CVE-2021-27025
Links:

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.

Affected versions: ["6.19.1", "6.19.0", "6.18.0", "6.17.0", "6.16.0", "6.15.0", "6.14.0", "6.13.0", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.5.22", "5.5.21", "5.5.20", "5.5.19", "5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "6.20.0", "6.21.0", "6.21.1", "6.22.1", "6.23.0", "6.24.0", "6.25.0", "7.0.0", "7.1.0", "7.3.0", "7.4.0", "7.4.1", "7.5.0", "7.6.1", "7.7.0", "7.8.0", "7.9.0", "7.10.0", "7.11.0", "7.12.0"]
Secure versions: [7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0, 8.7.0, 7.31.0, 8.8.1, 7.32.1, 8.3.0, 8.9.0, 7.33.0, 8.10.0, 7.34.0]
Recommendation: Update to version 8.10.0.

Tarball permission preservation in puppet

Published date: 2022-05-13T01:41:57Z
CVE: CVE-2017-10689
Links:

When installing a module using the system tar, the PMT will filter filesystem permissions to a sane value. This may just be based on the user's umask.

When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions.

Affected versions: ["5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2"]
Secure versions: [7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0, 8.7.0, 7.31.0, 8.8.1, 7.32.1, 8.3.0, 8.9.0, 7.33.0, 8.10.0, 7.34.0]
Recommendation: Update to version 8.10.0.

Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet

Published date: 2017-10-24
CVE: 2014-3248
Links:

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operatingsystem.rb, (2) Win32API.rb, (3) Win32API.so, (4) safeyaml.rb, (5) safeyaml/deep.rb, or (6) safeyaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.

Affected versions: ["3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2"]
Secure versions: [7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0, 8.7.0, 7.31.0, 8.8.1, 7.32.1, 8.3.0, 8.9.0, 7.33.0, 8.10.0, 7.34.0]
Recommendation: Update to version 8.10.0.

Puppet Improper Access Control

Published date: 2016-04-26
CVE: 2016-2785
CVSS V2: 7.5
CVSS V3: 9.8
Links:

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.

Affected versions: ["4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2"]
Secure versions: [7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0, 8.7.0, 7.31.0, 8.8.1, 7.32.1, 8.3.0, 8.9.0, 7.33.0, 8.10.0, 7.34.0]
Recommendation: Update to version 8.10.0.

Tarball permission preservation in puppet

Published date: 2022-05-13
CVE: 2017-10689
CVSS V3: 5.5
Links:

When installing a module using the system tar, the PMT will filter filesystem permissions to a sane value. This may just be based on the user's umask.

When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions.

Affected versions: ["5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2"]
Secure versions: [7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0, 8.7.0, 7.31.0, 8.8.1, 7.32.1, 8.3.0, 8.9.0, 7.33.0, 8.10.0, 7.34.0]
Recommendation: Update to version 8.10.0.

Improper Certificate Validation in Puppet

Published date: 2021-04-13
CVE: 2020-7942
CVSS V3: 6.5
Links:

Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting strict_hostname_checking = true in puppet.conf on your Puppet master. Puppet 6.13.0 changes the default behavior for stricthostnamechecking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior.

Affected versions: ["6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2"]
Secure versions: [7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0, 8.7.0, 7.31.0, 8.8.1, 7.32.1, 8.3.0, 8.9.0, 7.33.0, 8.10.0, 7.34.0]
Recommendation: Update to version 8.10.0.

Unsafe HTTP Redirect in Puppet Agent and Puppet Server

Published date: 2021-12-02
CVE: 2021-27023
CVSS V3: 6.5
Links:

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

Affected versions: ["6.19.1", "6.19.0", "6.18.0", "6.17.0", "6.16.0", "6.15.0", "6.14.0", "6.13.0", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.5.22", "5.5.21", "5.5.20", "5.5.19", "5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "7.0.0", "7.1.0", "7.3.0", "6.20.0", "7.4.0", "6.21.0", "7.4.1", "6.21.1", "7.5.0", "7.6.1", "6.22.1", "7.7.0", "7.8.0", "6.23.0", "7.9.0", "6.24.0", "7.10.0", "7.11.0", "7.12.0", "6.26.0", "6.27.0", "6.28.0", "6.29.0"]
Secure versions: [7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0, 8.7.0, 7.31.0, 8.8.1, 7.32.1, 8.3.0, 8.9.0, 7.33.0, 8.10.0, 7.34.0]
Recommendation: Update to version 8.10.0.

Silent Configuration Failure in Puppet Agent

Published date: 2021-12-02
CVE: 2021-27025
CVSS V3: 6.5
Links:

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.

Affected versions: ["6.19.1", "6.19.0", "6.18.0", "6.17.0", "6.16.0", "6.15.0", "6.14.0", "6.13.0", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.5.22", "5.5.21", "5.5.20", "5.5.19", "5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "7.0.0", "7.1.0", "7.3.0", "6.20.0", "7.4.0", "6.21.0", "7.4.1", "6.21.1", "7.5.0", "7.6.1", "6.22.1", "7.7.0", "7.8.0", "6.23.0", "7.9.0", "6.24.0", "7.10.0", "7.11.0", "7.12.0", "6.26.0", "6.27.0", "6.28.0", "6.29.0"]
Secure versions: [7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0, 8.7.0, 7.31.0, 8.8.1, 7.32.1, 8.3.0, 8.9.0, 7.33.0, 8.10.0, 7.34.0]
Recommendation: Update to version 8.10.0.

300 Other Versions

Version License Security Released
6.0.1 UNKNOWN 6 2018-10-02 - 16:29 about 6 years
6.0.0 UNKNOWN 6 2018-09-18 - 18:27 about 6 years
5.5.22 UNKNOWN 4 2020-10-20 - 17:22 about 4 years
5.5.21 UNKNOWN 4 2020-07-14 - 16:11 over 4 years
5.5.20 UNKNOWN 4 2020-04-30 - 16:14 over 4 years
5.5.19 UNKNOWN 4 2020-03-10 - 19:46 over 4 years
5.5.18 UNKNOWN 5 2020-01-14 - 17:39 almost 5 years
5.5.17 UNKNOWN 5 2019-10-15 - 17:17 about 5 years
5.5.16 UNKNOWN 5 2019-07-16 - 16:25 over 5 years
5.5.14 UNKNOWN 5 2019-04-30 - 15:10 over 5 years
5.5.13 UNKNOWN 5 2019-04-16 - 13:49 over 5 years
5.5.12 UNKNOWN 5 2019-03-26 - 13:59 over 5 years
5.5.10 UNKNOWN 5 2019-01-15 - 15:04 almost 6 years
5.5.8 UNKNOWN 5 2018-11-01 - 13:57 about 6 years
5.5.7 UNKNOWN 5 2018-10-23 - 19:13 about 6 years
5.5.6 UNKNOWN 5 2018-08-22 - 17:00 about 6 years
5.5.3 UNKNOWN 5 2018-07-17 - 16:32 over 6 years
5.5.2 UNKNOWN 5 2018-06-20 - 17:19 over 6 years
5.5.1 UNKNOWN 5 2018-04-18 - 21:04 over 6 years
5.5.0 UNKNOWN 5 2018-03-20 - 18:32 over 6 years
5.4.0 UNKNOWN 6 2018-02-14 - 18:40 over 6 years
5.3.7 UNKNOWN 6 2018-06-20 - 17:05 over 6 years
5.3.6 UNKNOWN 6 2018-04-18 - 15:38 over 6 years
5.3.5 UNKNOWN 6 2018-02-13 - 21:04 over 6 years
5.3.4 UNKNOWN 6 2018-02-05 - 18:13 almost 7 years
5.3.3 UNKNOWN 8 2017-11-06 - 17:44 about 7 years
5.3.2 UNKNOWN 8 2017-10-05 - 17:09 about 7 years
5.3.1 UNKNOWN 8 2017-10-02 - 20:50 about 7 years
5.2.0 UNKNOWN 8 2017-09-13 - 19:00 about 7 years
5.1.0 UNKNOWN 8 2017-08-17 - 21:48 about 7 years
5.0.1 UNKNOWN 8 2017-07-19 - 20:31 over 7 years
5.0.0 UNKNOWN 8 2017-06-27 - 22:29 over 7 years
4.10.12 UNKNOWN 6 2018-06-20 - 16:52 over 6 years
4.10.11 UNKNOWN 6 2018-04-18 - 16:00 over 6 years
4.10.10 UNKNOWN 6 2018-02-05 - 18:02 almost 7 years
4.10.9 UNKNOWN 7 2017-11-14 - 18:14 almost 7 years
4.10.8 UNKNOWN 7 2017-09-14 - 20:04 about 7 years
4.10.7 UNKNOWN 7 2017-09-06 - 18:54 about 7 years
4.10.6 UNKNOWN 7 2017-08-09 - 17:10 over 7 years
4.10.5 UNKNOWN 7 2017-07-26 - 20:23 over 7 years
4.10.4 UNKNOWN 7 2017-06-19 - 16:39 over 7 years
4.10.1 UNKNOWN 7 2017-05-11 - 13:04 over 7 years
4.10.0 UNKNOWN 7 2017-04-05 - 20:44 over 7 years
4.9.4 UNKNOWN 8 2017-03-09 - 22:01 over 7 years
4.9.3 UNKNOWN 8 2017-02-27 - 17:50 over 7 years
4.9.2 UNKNOWN 8 2017-02-10 - 17:51 almost 8 years
4.9.1 UNKNOWN 8 2017-02-03 - 16:42 almost 8 years
4.9.0 UNKNOWN 8 2017-01-31 - 22:29 almost 8 years
4.8.2 UNKNOWN 8 2017-01-19 - 22:09 almost 8 years
4.8.1 UNKNOWN 8 2016-11-22 - 21:31 almost 8 years
4.8.0 UNKNOWN 8 2016-11-02 - 04:15 about 8 years
4.7.1 UNKNOWN 8 2017-01-17 - 23:41 almost 8 years
4.7.0 UNKNOWN 8 2016-09-22 - 21:04 about 8 years
4.6.2 UNKNOWN 8 2016-09-02 - 00:51 about 8 years
4.6.1 UNKNOWN 8 2016-08-23 - 17:49 about 8 years
4.5.3 UNKNOWN 8 2016-07-20 - 18:45 over 8 years
4.5.2 UNKNOWN 8 2016-06-14 - 19:59 over 8 years
4.5.1 UNKNOWN 8 2016-06-01 - 18:18 over 8 years
4.5.0 UNKNOWN 8 2016-05-20 - 17:10 over 8 years
4.4.2 UNKNOWN 8 2016-04-26 - 21:17 over 8 years
4.4.1 UNKNOWN 10 2016-03-23 - 20:14 over 8 years
4.4.0 UNKNOWN 10 2016-03-16 - 20:53 over 8 years
4.3.2 UNKNOWN 10 2016-01-25 - 19:57 almost 9 years
4.3.1 UNKNOWN 10 2015-11-30 - 18:51 almost 9 years
4.3.0 UNKNOWN 10 2015-11-17 - 18:35 almost 9 years
4.2.3 UNKNOWN 10 2015-10-29 - 23:24 about 9 years
4.2.2 UNKNOWN 10 2015-09-14 - 19:11 about 9 years
4.2.1 UNKNOWN 10 2015-07-22 - 20:52 over 9 years
4.2.0 UNKNOWN 10 2015-06-24 - 22:51 over 9 years
4.1.0 UNKNOWN 10 2015-05-20 - 22:07 over 9 years
4.0.0 UNKNOWN 10 2015-04-15 - 17:14 over 9 years
4.0.0.rc1 UNKNOWN 9 2015-03-19 - 17:57 over 9 years
3.8.7 UNKNOWN 9 2016-04-26 - 16:58 over 8 years
3.8.6 UNKNOWN 9 2016-03-11 - 17:38 over 8 years
3.8.5 UNKNOWN 9 2016-01-21 - 22:14 almost 9 years
3.8.4 UNKNOWN 9 2015-11-04 - 00:39 about 9 years
3.8.3 UNKNOWN 9 2015-09-21 - 23:28 about 9 years
3.8.2 UNKNOWN 9 2015-08-06 - 22:04 over 9 years
3.8.1 UNKNOWN 9 2015-05-26 - 18:01 over 9 years
3.7.5 UNKNOWN 9 2015-03-26 - 16:24 over 9 years
3.7.4 UNKNOWN 9 2015-01-27 - 23:49 almost 10 years
3.7.3 UNKNOWN 9 2014-11-04 - 17:42 about 10 years
3.7.2 UNKNOWN 9 2014-10-22 - 18:41 about 10 years
3.7.1 UNKNOWN 9 2014-09-15 - 22:20 about 10 years
3.7.0 UNKNOWN 9 2014-09-04 - 18:03 about 10 years
3.6.2 UNKNOWN 9 2014-06-10 - 17:25 over 10 years
3.6.1 UNKNOWN 11 2014-05-22 - 22:34 over 10 years
3.6.0 UNKNOWN 11 2014-05-15 - 18:38 over 10 years
3.6.0.rc1 UNKNOWN 11 2014-05-06 - 17:20 over 10 years
3.5.1 UNKNOWN 11 2014-04-16 - 20:32 over 10 years
3.5.1.rc1 UNKNOWN 11 2014-04-11 - 00:40 over 10 years
3.5.0.rc3 UNKNOWN 11 2014-03-31 - 23:17 over 10 years
3.5.0.rc2 UNKNOWN 11 2014-03-25 - 01:37 over 10 years
3.5.0.rc1 UNKNOWN 11 2014-03-14 - 23:15 over 10 years
3.4.3 UNKNOWN 11 2014-02-19 - 20:56 over 10 years
3.4.2 UNKNOWN 11 2014-01-07 - 00:30 almost 11 years
3.4.1 UNKNOWN 11 2013-12-26 - 18:15 almost 11 years
3.4.0 UNKNOWN 11 2013-12-19 - 22:50 almost 11 years
3.4.0.rc2 UNKNOWN 11 2013-12-10 - 23:56 almost 11 years
3.4.0.rc1 UNKNOWN 11 2013-12-03 - 18:04 almost 11 years