Published: 18/11/2021 Updated: 07/11/2023

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

A flaw exists in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.

Vulnerable Product	Search on Vulmon	Subscribe to Product
puppet puppet agent
puppet puppet
puppet puppet enterprise
fedoraproject fedora 35

Debian Bug report logs - #1014772 puppet: CVE-2021-27025 Package: src:puppet; Maintainer for src:puppet is Puppet Package Maintainers <pkg-puppet-devel@alioth-listsdebiannet>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Mon, 11 Jul 2022 18:39:02 UTC Severity: normal Tags: security, upstream Reply o ...

Synopsis Important: Satellite Tools 699 Async Bug Fix Update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated Satellite 69 Tools packages that fix several bugs are now availableRed Hat Product Security has rate ...

Synopsis Important: Satellite Tools 6105 Async Bug Fix Update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated Satellite 610 Tools packages that fix several bugs are now availableRed Hat Product Security has ra ...

Synopsis Moderate: Red Hat OpenStack Platform 1619 (puppet) security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for puppet is now available for Red Hat OpenStack Platform 1619 (Train) for Red Hat ...

Synopsis Moderate: Red Hat OpenStack Platform 1624 (puppet) security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for puppet is now available for Red Hat OpenStack Platform 1624 (Train) Red Hat Pro ...

Synopsis Important: Satellite 6105 Async Bug Fix Update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated Satellite 610 packages that fix several bugs are now available for Red Hat Satellite Description Red Ha ...

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync' (CVE-2021-27025) ...

A security issue was discovered in Puppet before version 7121 where the agent may silently ignore Augeas settings or may be vulnerable to a denial of service condition prior to the first pluginsync ...

NVD-CWE-noinfo https://puppet.com/security/cve/cve-2021-27025 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014772 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALASEMR-PUPPET-2023-001.html

CVE-2021-27025

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect