CVE-2021-27023
published 2021-11-18CVE-2021-27023: A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet | — | — |
| debian | puppet-agent | — | — |
| debian | puppetserver | — | — |
| fedoraproject | fedora | — | — |
| puppet | puppet | >= 0 < 6.25.1 | 6.25.1 |
| puppet | puppet | >= 7.0.0 < 7.12.1 | 7.12.1 |
| puppet | puppet_agent | < 6.25.1 | 6.25.1 |
| puppet | puppet_agent | >= 7.0.0 < 7.12.1 | 7.12.1 |
| puppet | puppet_enterprise | < 2019.8.9 | 2019.8.9 |
| puppet | puppet_enterprise | >= 2021.0.0 < 2021.4 | 2021.4 |
| puppet | puppet_server | < 6.17.1 | 6.17.1 |
| puppet | puppet_server | >= 7.0.0 < 7.4.2 | 7.4.2 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ghsa9.8CRITICAL
osv9.8CRITICAL