CVE-2021-27023

Name
CVE-2021-27023
Description
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://puppet.com/security/cve/CVE-2021-27023
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:puppet:puppet:*:*:*:*:enterprise:*:*:* puppet >= None < 2019.8.9
cpe:2.3:a:puppet:puppet:*:*:*:*:enterprise:*:*:* puppet >= 2021.0.0 < 2021.4
cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:* puppet_agent >= None < 6.25.1
cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:* puppet_agent >= 7.0.0 < 7.12.1
cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:* puppet_server >= None < 6.17.1
cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:* puppet_server >= 7.0.0 < 7.4.2
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:* puppet_enterprise >= None < 2019.8.9
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:* puppet_enterprise >= 2021.0.0 < 2021.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status