CVE-2021-27023 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-27023 PUBLISHED

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

EPSS 0.40% · 60.3th percentile

Risk Scores

EPSS Score

0.40%

60.3th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:16.04:LTS	puppet	0, 3.7.2-5ubuntu2, 3.8.4-1ubuntu1
Ubuntu:14.04:LTS	puppet	3.4.3-1ubuntu1, 3.4.3-1ubuntu1.1, 3.4.3-1ubuntu1.2
Ubuntu:22.04:LTS	puppet	5.5.22-4ubuntu0.2, 5.5.22-4, 5.5.22-1ubuntu1
Ubuntu:18.04:LTS	puppet	5.4.0-2ubuntu3, 0, 4.10.4-2ubuntu1
Ubuntu:20.04:LTS	puppet	5.5.10-4ubuntu3, 5.4.0-2ubuntu3, 0

Timeline

Nov 18, 2021 CVE Published
Nov 18, 2021 PoC Published
Nov 19, 2021 EPSS Score
Dec 2, 2021 CVE Updated
Jan 6, 2022 EPSS Score
Jan 13, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 2, 2022 EPSS Score
Jun 26, 2022 EPSS Score
Aug 20, 2022 EPSS Score
Oct 14, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2021-27023 third-party-advisory
https://puppet.com/security/cve/cve-2021-27023 third-party-advisory
https://github.com/puppetlabs/puppet/commit/e90023a8b54a58073d71dae655d7636e2c9bcc61 third-party-advisory
https://puppet.com/security/cve/CVE-2021-27023 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-27023 third-party-advisory

Open in Interactive Console →