Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2021-27023

Published: 18/11/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Puppet Server

Vulnerability Summary

A flaw exists in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

puppet puppet server

puppet puppet agent

puppet puppet enterprise

fedoraproject fedora 35

Vendor Advisories

Red Hat: Important: Satellite Tools 6.9.9 Async Bug Fix Update
Synopsis Important: Satellite Tools 699 Async Bug Fix Update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated Satellite 69 Tools packages that fix several bugs are now availableRed Hat Product Security has rate ...
Red Hat: Important: Satellite Tools 6.10.5 Async Bug Fix Update
Synopsis Important: Satellite Tools 6105 Async Bug Fix Update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated Satellite 610 Tools packages that fix several bugs are now availableRed Hat Product Security has ra ...
Red Hat: Important: Satellite 6.9.9 Async Bug Fix Update
Synopsis Important: Satellite 699 Async Bug Fix Update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated Satellite 69 packages that fix several bugs are now available for Red Hat Satellite Description Red Hat ...
Red Hat: Important: Satellite 6.10.5 Async Bug Fix Update
Synopsis Important: Satellite 6105 Async Bug Fix Update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated Satellite 610 packages that fix several bugs are now available for Red Hat Satellite Description Red Ha ...
Arch Linux Issues:
A security issue was discovered in Puppet before version 7121 that may result in a leak of HTTP credentials when following HTTP redirects to a different host This is similar to CVE-2018-1000007 ...

References

NVD-CWE-noinfohttps://puppet.com/security/cve/CVE-2021-27023https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2022:4867https://security.archlinux.org/CVE-2021-27023
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002CVE-2006-4304CVE-2024-4336CVE-2024-33437CVE-2024-4340CVE-2024-27956privilegeinsecure direct object referenceXSSitem search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook