PT-2021-8198 · Puppet+3 · Puppet Server+4

Published

2021-11-18

Updated

2024-12-03

CVE-2021-27023

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Puppet Agent and Puppet Server (affected versions not specified)

Description A flaw in Puppet Agent and Puppet Server may result in a leak of HTTP credentials when following HTTP redirects to a different host. This issue is related to the unprotected transmission of credentials, which could allow a remote attacker to access confidential information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-523

Related Identifiers

BDU:2024-10798

CVE-2021-27023

GHSA-93J5-G845-9WQP

RHSA-2022:1478

RHSA-2022:1708

RHSA-2022:4866

RHSA-2022:4867

SUSE-SU-2022:3355-1

SUSE-SU-2022:3794-1

SUSE-SU-2022_3355-1

SUSE-SU-2022_3794-1

Affected Products

Debian

Puppet Agent

Puppet Server

Red Os

Suse

PT-2021-8198 · Puppet+3 · Puppet Server+4

CVE-2021-27023

Weakness Enumeration

Related Identifiers

Affected Products

References · 28