Moderate severityNVD Advisory· Published Nov 18, 2021· Updated Aug 3, 2024
CVE-2021-27023
CVE-2021-27023
Description
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
puppetRubyGems | >= 7.0.0, < 7.12.1 | 7.12.1 |
puppetRubyGems | < 6.25.1 | 6.25.1 |
Affected products
4- Puppet/Agent and Serverdescription
- ghsa-coords3 versionspkg:gem/puppetpkg:rpm/suse/puppet&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012pkg:rpm/suse/rubygem-puppet&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012
>= 7.0.0, < 7.12.1+ 2 more
- (no CPE)range: >= 7.0.0, < 7.12.1
- (no CPE)range: < 3.8.5-15.18.1
- (no CPE)range: < 4.8.1-32.6.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-93j5-g845-9wqpghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2021-27023ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.ymlghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7ghsaWEB
- puppet.com/security/cve/CVE-2021-27023ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.