CVE-2021-27019Log File Information Exposure in Puppetdb

CWE-532Log File Information Exposure5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 57.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Puppet PuppetdbPuppet Enterprise
Timeline
PublishedAug 30
Latest updateMay 24

Description

PuppetDB logging included potentially sensitive system information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDpuppet/puppetdb6.0.06.16.1+1
Debianpuppet/puppetdb< 7.11.2-2+1
NVDpuppet/puppet_enterprise< 2019.8.6

🔴Vulnerability Details

3
GHSA
GHSA-7jgx-q4jq-pp55: PuppetDB logging included potentially sensitive system information2022-05-24
OSV
CVE-2021-27019: PuppetDB logging included potentially sensitive system information2021-08-30
CVEList
CVE-2021-27019: PuppetDB logging included potentially sensitive system information2021-08-30

📋Vendor Advisories

1
Debian
CVE-2021-27019: puppetdb - PuppetDB logging included potentially sensitive system information.2021
CVE-2021-27019 — Log File Information Exposure | cvebase