CVE-2021-27023

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-27023

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-27023.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-27023

Aliases

GHSA-93j5-g845-9wqp

Related

Published

2021-11-18T15:15:09Z

Modified

2024-10-12T07:09:07.819136Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

References

Affected packages

Debian:11 / puppet

Package

Name: puppet
Purl: pkg:deb/debian/puppet?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.5.22-2

5.5.22-2.1

5.5.22-2.2

5.5.22-3

5.5.22-4

6.*

6.16.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/puppetlabs/puppet-agent

Affected ranges

Type: GIT
Repo: https://github.com/puppetlabs/puppet-agent
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

57c0cc7c4389cb2a0adfbc7809e7386fefc925fd

Type: GIT
Repo: https://github.com/puppetlabs/puppetserver
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d22218d25c4dbedeb102a463f74abf567963b8ba

Affected versions

0.*

0.1.3

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.3.0

0.3.1

0.3.2

0.9.0

0.9.1

1.*

1.0.0

1.0.1

1.1.0

1.1.1

1.10.0

1.10.1

1.10.10

1.10.11

1.10.12

1.10.13

1.10.14

1.10.15

1.10.2

1.10.3

1.10.4

1.10.5

1.10.6

1.10.7

1.10.8

1.10.9

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.4.0

1.4.1

1.4.2

1.5.0

1.5.1

1.5.2

1.5.3

1.6.0

1.6.1

1.6.2

1.7.0

1.7.1

1.7.2

1.8.0

1.8.1

1.8.2

1.8.3

1.9.0

1.9.1

1.9.2

1.9.3

2.*

2.0.0-rc3

2.1.x-backup

2.3.2

2.4.0

2.5.0

2.6.0

2.6.1

2.7.0

2.7.1

2.7.2

2.8.0

2.8.1

4.*

4.99.0

5.*

5.0.0

5.0.1

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.2.0

5.3.0

5.3.1

5.3.10

5.3.11

5.3.12

5.3.13

5.3.14

5.3.15

5.3.16

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.3.8

5.3.9

5.4.0

5.5.0

5.5.1

5.5.10

5.5.11

5.5.12

5.5.13

5.5.14

5.5.15

5.5.16

5.5.17

5.5.18

5.5.19

5.5.2

5.5.20

5.5.21

5.5.22

5.5.3

5.5.4

5.5.6

5.5.7

5.5.8

5.5.9

5.99.0

5.99.1

5.99.2

6.*

6.0.0

6.0.1

6.0.10

6.0.2

6.0.3

6.0.4

6.0.5

6.0.7

6.0.8

6.0.9

6.1.0

6.10.0

6.10.1

6.11.0

6.11.1

6.12.0

6.12.1

6.12.2

6.13.0

6.14.0

6.14.1

6.15.0

6.15.1

6.15.2

6.15.3

6.16.0

6.16.1

6.17.0

6.18.0

6.19.0

6.19.1

6.2.0

6.2.1

6.20.0

6.21.0

6.21.1

6.22.0

6.22.1

6.23.0

6.24.0

6.25.0

6.3.0

6.3.1

6.3.2

6.3.3

6.4.0

6.4.1

6.4.2

6.4.3

6.4.4

6.4.5

6.5.0

6.6.0

6.7.0

6.7.1

6.7.2

6.8.0

6.8.1

6.9.0

6.9.2

jvm-puppet-0.*

jvm-puppet-0.1.2

jvm-puppet-0.1.3

jvm-puppet-0.1.4

jvm-puppet-0.1.5

jvm-puppet-0.1.6

puppet-server-0.*

puppet-server-0.1.10

puppet-server-0.1.11

puppet-server-0.1.12

puppet-server-0.1.13

puppet-server-0.1.14

puppet-server-0.1.15

puppet-server-0.1.16

puppet-server-0.1.7

puppet-server-0.1.8

puppet-server-0.1.9

puppet-server-0.2.0

puppet-server-0.2.1

puppet-server-0.2.2

puppet-server-0.3.0

puppet-server-0.4.0

puppet-server-0.4.1

puppet-server-1.*

puppet-server-1.0.0

puppet-server-1.0.1

puppet-server-1.0.2

puppet-server-1.0.3

puppet-server-1.0.8

puppet-server-1.1.0

puppet-server-1.1.1

puppet-server-1.1.2

puppet-server-1.1.3

puppet-server-1.2.0

puppet-server-2.*

puppet-server-2.0.0

puppet-server-2.1.0

puppet-server-2.1.1

puppet-server-2.1.2

puppet-server-2.1.3-alpha1

puppet-server-2.2.0

puppet-server-2.2.1

puppet-server-2.3.0

puppet-server-2.3.1

puppet-server-2.6.0