CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-27025 – puppet: silent configuration failure in agent
https://notcve.org/view.php?id=CVE-2021-27025
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. Se ha detectado un fallo en Puppet Agent donde el agente puede ignorar silenciosamente la configuración de Augeas o puede ser vulnerable a una condición de denegación de servicio antes del primer "pluginsync". A configuration flaw was found in Puppet Agent where the agent silently ignores Augeas settings. This flaw allows a network attacker to cause a denial of service before the first pluginsync. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7 https://puppet.com/security/cve/cve-2021-27025 https://access.redhat.com/security/cve/CVE-2021-27025 https://bugzilla.redhat.com/show_bug.cgi?id=2023853 • CWE-665: Improper Initialization •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27026
https://notcve.org/view.php?id=CVE-2021-27026
A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged Se ha detectado un fallo en Puppet Enterprise y otros productos Puppet en el que es posible registrar parámetros confidenciales del plan. • https://puppet.com/security/cve/cve-2021-27026 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27024
https://notcve.org/view.php?id=CVE-2021-27024
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0 Se ha detectado un fallo en Continuous Delivery for Puppet Enterprise (CD4PE) que resulta en un usuario con privilegios bajos ser capaz de acceder a un token de la API de Puppet Enterprise. Este problema se ha resuelto en CD4PE versión 4.10.0 • https://puppet.com/security/cve/cve-2021-27024 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27022
https://notcve.org/view.php?id=CVE-2021-27022
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). Se ha detectado un fallo en bolt-server y ace en el que la ejecución de una tarea con parámetros confidenciales resulta en que dichos parámetros confidenciales sean registrados cuando no deberían. Este problema sólo afecta a los nodos SSH/WinRM (nodos de servicio de inventario) • https://puppet.com/security/cve/cve-2021-27022 https://puppet.com/security/cve/cve-2021-27022/%5D • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27018
https://notcve.org/view.php?id=CVE-2021-27018
The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source. Se ha detectado que el mecanismo lleva a cabo la comprobación de certificados tenía un fallo que resultaba que los certificados firmados por una autoridad de certificación interna no fueran comprobados apropiadamente. Este problema sólo afecta a clientes que están configurados para usar el archivo Tenable.sc como fuente de datos de vulnerabilidad. • https://puppet.com/security/cve/CVE-2021-27018 • CWE-295: Improper Certificate Validation •