rpm package
suse/rubygem-puppet&distro=SUSE Linux Enterprise Module for Advanced Systems Management 12
pkg:rpm/suse/rubygem-puppet&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-27023 | — | < 4.8.1-32.6.1 | 4.8.1-32.6.1 | Nov 18, 2021 | A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 | ||
| CVE-2017-10689 | Med | 5.5 | < 4.8.1-32.3.1 | 4.8.1-32.3.1 | Feb 9, 2018 | In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. |
- CVE-2021-27023Nov 18, 2021affected < 4.8.1-32.6.1fixed 4.8.1-32.6.1
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
- affected < 4.8.1-32.3.1fixed 4.8.1-32.3.1
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.