GHSA-93j5-g845-9wqp

Source

https://github.com/advisories/GHSA-93j5-g845-9wqp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-93j5-g845-9wqp/GHSA-93j5-g845-9wqp.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-93j5-g845-9wqp

Aliases

CVE-2021-27023

Published

2021-12-02T17:52:45Z

Modified

2024-11-29T05:41:45.543312Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Unsafe HTTP Redirect in Puppet Agent and Puppet Server

Details

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

Database specific

{
    "github_reviewed_at": "2021-11-30T14:35:48Z",
    "nvd_published_at": "2021-11-18T15:15:00Z",
    "severity": "MODERATE",
    "cwe_ids": [],
    "github_reviewed": true
}

References

Affected packages

RubyGems / puppet

Package

Name: puppet
Purl: pkg:gem/puppet

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.0

Fixed

7.12.1

Affected versions

7.*

7.0.0

7.1.0

7.3.0

7.4.0

7.4.1

7.5.0

7.6.1

7.7.0

7.8.0

7.9.0

7.10.0

7.11.0

7.12.0

RubyGems / puppet

Package

Name: puppet
Purl: pkg:gem/puppet

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.25.1

Affected versions

0.*

0.9.2

0.13.0

0.13.1

0.13.2

0.13.6

0.16.0

0.18.4

0.22.4

0.23.0

0.23.1

0.23.2

0.24.0

0.24.1

0.24.2

0.24.3

0.24.4

0.24.5

0.24.6

0.24.7

0.24.8

0.24.9

0.25.0

0.25.1

0.25.2

0.25.3

0.25.4

0.25.5

2.*

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.6.10

2.6.11

2.6.12

2.6.13

2.6.14

2.6.15

2.6.16

2.6.17

2.6.18

2.7.1

2.7.3

2.7.4

2.7.5

2.7.6

2.7.8

2.7.9

2.7.11

2.7.12

2.7.13

2.7.14

2.7.16

2.7.17

2.7.18

2.7.19

2.7.20.rc1

2.7.20

2.7.21

2.7.22

2.7.23

2.7.24

2.7.25

2.7.26

3.*

3.0.0.rc4

3.0.0.rc5

3.0.0.rc7

3.0.0.rc8

3.0.0

3.0.1.rc1

3.0.1

3.0.2.rc1

3.0.2.rc2

3.0.2.rc3

3.0.2

3.1.0.rc1

3.1.0.rc2

3.1.0

3.1.1

3.2.0.rc1

3.2.0.rc2

3.2.1.rc1

3.2.1

3.2.2

3.2.3.rc1

3.2.3

3.2.4

3.3.0.rc2

3.3.0.rc3

3.3.0

3.3.1.rc1

3.3.1.rc2

3.3.1.rc3

3.3.1

3.3.2

3.4.0.rc1

3.4.0.rc2

3.4.0

3.4.1

3.4.2

3.4.3

3.5.0.rc1

3.5.0.rc2

3.5.0.rc3

3.5.1.rc1

3.5.1

3.6.0.rc1

3.6.0

3.6.1

3.6.2

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.7.5

3.8.1

3.8.2

3.8.3

3.8.4

3.8.5

3.8.6

3.8.7

4.*

4.0.0.rc1

4.0.0

4.1.0

4.2.0

4.2.1

4.2.2

4.2.3

4.3.0

4.3.1

4.3.2

4.4.0

4.4.1

4.4.2

4.5.0

4.5.1

4.5.2

4.5.3

4.6.1

4.6.2

4.7.0

4.7.1

4.8.0

4.8.1

4.8.2

4.9.0

4.9.1

4.9.2

4.9.3

4.9.4

4.10.0

4.10.1

4.10.4

4.10.5

4.10.6

4.10.7

4.10.8

4.10.9

4.10.10

4.10.11

4.10.12

5.*

5.0.0

5.0.1

5.1.0

5.2.0

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.4.0

5.5.0

5.5.1

5.5.2

5.5.3

5.5.6

5.5.7

5.5.8

5.5.10

5.5.12

5.5.13

5.5.14

5.5.16

5.5.17

5.5.18

5.5.19

5.5.20

5.5.21

5.5.22

6.*

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.7

6.0.8

6.0.9

6.0.10

6.1.0

6.2.0

6.3.0

6.4.0

6.4.1

6.4.2

6.4.3

6.4.4

6.4.5

6.5.0

6.6.0

6.7.0

6.7.2

6.8.0

6.8.1

6.9.0

6.10.0

6.10.1

6.11.0

6.11.1

6.12.0

6.13.0

6.14.0

6.15.0

6.16.0

6.17.0

6.18.0

6.19.0

6.19.1

6.20.0

6.21.0

6.21.1

6.22.1

6.23.0

6.24.0

6.25.0