PT-2021-6808 · Puppet · Puppet

Published: 2021-09-07 · Updated: 2022-01-24 · CVE-2021-27022

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

bolt-server and ace (affected versions not specified)
Puppet (affected versions not specified)

Description

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). The vulnerability in Puppet is related to insufficient protection of registration data, allowing a remote attacker to access confidential data.

Recommendations

For bolt-server and ace, consider restricting the logging of tasks with sensitive parameters until a fix is available. For Puppet, restrict access to registration data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insertion into Log File

Related Identifiers

BDU:2022-02231
CVE-2021-27022

Affected Products

Puppet