CVE-2021-27023

Summary

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

Affected Software

VendorProductVersion RangeStatus
n/aPuppet Enterprise, Puppet Server, Puppet AgentPuppet Enterprise prior to 2019.8.9, Puppet Enterprise prior to 2021.4, Puppet Server prior to 6.17.1, Puppet Server prior to 7.4.2, Puppet Agent prior to 6.25.1, Puppet Agent prior to 7.12.1affected

Weaknesses

  • Unsafe HTTP Redirect

ADP Enrichment

CVE Program Container

Additional References

References