CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-27025 – puppet: silent configuration failure in agent
https://notcve.org/view.php?id=CVE-2021-27025
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. Se ha detectado un fallo en Puppet Agent donde el agente puede ignorar silenciosamente la configuración de Augeas o puede ser vulnerable a una condición de denegación de servicio antes del primer "pluginsync". A configuration flaw was found in Puppet Agent where the agent silently ignores Augeas settings. This flaw allows a network attacker to cause a denial of service before the first pluginsync. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7 https://puppet.com/security/cve/cve-2021-27025 https://access.redhat.com/security/cve/CVE-2021-27025 https://bugzilla.redhat.com/show_bug.cgi?id=2023853 • CWE-665: Improper Initialization •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27026
https://notcve.org/view.php?id=CVE-2021-27026
A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged Se ha detectado un fallo en Puppet Enterprise y otros productos Puppet en el que es posible registrar parámetros confidenciales del plan. • https://puppet.com/security/cve/cve-2021-27026 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27022
https://notcve.org/view.php?id=CVE-2021-27022
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). Se ha detectado un fallo en bolt-server y ace en el que la ejecución de una tarea con parámetros confidenciales resulta en que dichos parámetros confidenciales sean registrados cuando no deberían. Este problema sólo afecta a los nodos SSH/WinRM (nodos de servicio de inventario) • https://puppet.com/security/cve/cve-2021-27022 https://puppet.com/security/cve/cve-2021-27022/%5D • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27019
https://notcve.org/view.php?id=CVE-2021-27019
PuppetDB logging included potentially sensitive system information. El registro de PuppetDB incluía información potencialmente confidencial del sistema. • https://puppet.com/security/cve/CVE-2021-27019 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27020
https://notcve.org/view.php?id=CVE-2021-27020
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. Puppet Enterprise presentaba un riesgo de seguridad al no sanear la entrada del usuario cuando se realizaba una exportación CSV. • https://puppet.com/security/cve/CVE-2021-27020 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •