Vulnerability Description
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Puppet | Puppet Agent | < 6.25.1 |
| Puppet | Puppet Enterprise | < 2019.8.9 |
| Puppet | Puppet Server | < 6.17.1 |
| Fedoraproject | Fedora | 35 |
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://puppet.com/security/cve/CVE-2021-27023Vendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://puppet.com/security/cve/CVE-2021-27023Vendor Advisory
FAQ
What is CVE-2021-27023?
CVE-2021-27023 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
How severe is CVE-2021-27023?
CVE-2021-27023 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-27023?
Check the references section above for vendor advisories and patch information. Affected products include: Puppet Puppet Agent, Puppet Puppet Enterprise, Puppet Puppet Server, Fedoraproject Fedora.