CVE-2021-27023
Summary
| CVE | CVE-2021-27023 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-11-18 15:15:00 UTC |
| Updated | 2023-11-07 03:31:00 UTC |
| Description | A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Application | Puppet | Puppet | All | All | All | All |
| Application | Puppet | Puppet Agent | All | All | All | All |
| Application | Puppet | Puppet Enterprise | All | All | All | All |
| Application | Puppet | Puppet Server | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 35 Update: puppet-7.12.1-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| CVE-2021-27023 - Unsafe HTTP Redirect \| Puppet | MISC | puppet.com | |
| [SECURITY] Fedora 35 Update: puppet-7.12.1-1.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 240225 Red Hat Update for Satellite 6.9 (RHSA-2022:1478)
- 240260 Red Hat Update for Satellite 6.10 (RHSA-2022:1708)
- 240409 Red Hat Update for Satellite 6.9.9 (RHSA-2022:4867)
- 240411 Red Hat Update for Satellite 6.10.5 (RHSA-2022:4866)
- 282144 Fedora Security Update for puppet (FEDORA-2021-1c0e788093)
- 690237 Free Berkeley Software Distribution (FreeBSD) Security Update for puppet (3bd3c9f8-41ee-11ec-9bac-589cfc007716)