GHSA-93j5-g845-9wqp

Suggest an improvement
Source
https://github.com/advisories/GHSA-93j5-g845-9wqp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-93j5-g845-9wqp/GHSA-93j5-g845-9wqp.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-93j5-g845-9wqp
Aliases
Published
2021-12-02T17:52:45Z
Modified
2024-11-29T05:41:45.543312Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
Details

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

Database specific
{
    "nvd_published_at": "2021-11-18T15:15:00Z",
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-30T14:35:48Z"
}
References

Affected packages

RubyGems / puppet

Package

Name
puppet
Purl
pkg:gem/puppet

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.12.1

Affected versions

7.*

7.0.0
7.1.0
7.3.0
7.4.0
7.4.1
7.5.0
7.6.1
7.7.0
7.8.0
7.9.0
7.10.0
7.11.0
7.12.0

RubyGems / puppet

Package

Name
puppet
Purl
pkg:gem/puppet

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.25.1

Affected versions

0.*

0.9.2
0.13.0
0.13.1
0.13.2
0.13.6
0.16.0
0.18.4
0.22.4
0.23.0
0.23.1
0.23.2
0.24.0
0.24.1
0.24.2
0.24.3
0.24.4
0.24.5
0.24.6
0.24.7
0.24.8
0.24.9
0.25.0
0.25.1
0.25.2
0.25.3
0.25.4
0.25.5

2.*

2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.6.10
2.6.11
2.6.12
2.6.13
2.6.14
2.6.15
2.6.16
2.6.17
2.6.18
2.7.1
2.7.3
2.7.4
2.7.5
2.7.6
2.7.8
2.7.9
2.7.11
2.7.12
2.7.13
2.7.14
2.7.16
2.7.17
2.7.18
2.7.19
2.7.20.rc1
2.7.20
2.7.21
2.7.22
2.7.23
2.7.24
2.7.25
2.7.26

3.*

3.0.0.rc4
3.0.0.rc5
3.0.0.rc7
3.0.0.rc8
3.0.0
3.0.1.rc1
3.0.1
3.0.2.rc1
3.0.2.rc2
3.0.2.rc3
3.0.2
3.1.0.rc1
3.1.0.rc2
3.1.0
3.1.1
3.2.0.rc1
3.2.0.rc2
3.2.1.rc1
3.2.1
3.2.2
3.2.3.rc1
3.2.3
3.2.4
3.3.0.rc2
3.3.0.rc3
3.3.0
3.3.1.rc1
3.3.1.rc2
3.3.1.rc3
3.3.1
3.3.2
3.4.0.rc1
3.4.0.rc2
3.4.0
3.4.1
3.4.2
3.4.3
3.5.0.rc1
3.5.0.rc2
3.5.0.rc3
3.5.1.rc1
3.5.1
3.6.0.rc1
3.6.0
3.6.1
3.6.2
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.8.1
3.8.2
3.8.3
3.8.4
3.8.5
3.8.6
3.8.7

4.*

4.0.0.rc1
4.0.0
4.1.0
4.2.0
4.2.1
4.2.2
4.2.3
4.3.0
4.3.1
4.3.2
4.4.0
4.4.1
4.4.2
4.5.0
4.5.1
4.5.2
4.5.3
4.6.1
4.6.2
4.7.0
4.7.1
4.8.0
4.8.1
4.8.2
4.9.0
4.9.1
4.9.2
4.9.3
4.9.4
4.10.0
4.10.1
4.10.4
4.10.5
4.10.6
4.10.7
4.10.8
4.10.9
4.10.10
4.10.11
4.10.12

5.*

5.0.0
5.0.1
5.1.0
5.2.0
5.3.1
5.3.2
5.3.3
5.3.4
5.3.5
5.3.6
5.3.7
5.4.0
5.5.0
5.5.1
5.5.2
5.5.3
5.5.6
5.5.7
5.5.8
5.5.10
5.5.12
5.5.13
5.5.14
5.5.16
5.5.17
5.5.18
5.5.19
5.5.20
5.5.21
5.5.22

6.*

6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.7
6.0.8
6.0.9
6.0.10
6.1.0
6.2.0
6.3.0
6.4.0
6.4.1
6.4.2
6.4.3
6.4.4
6.4.5
6.5.0
6.6.0
6.7.0
6.7.2
6.8.0
6.8.1
6.9.0
6.10.0
6.10.1
6.11.0
6.11.1
6.12.0
6.13.0
6.14.0
6.15.0
6.16.0
6.17.0
6.18.0
6.19.0
6.19.1
6.20.0
6.21.0
6.21.1
6.22.1
6.23.0
6.24.0
6.25.0