CVE-2021-27023 – puppet: unsafe HTTP redirect
https://notcve.org/view.php?id=CVE-2021-27023
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 Se ha detectado un fallo en Puppet Agent y Puppet Server que puede resultar en un filtrado de credenciales HTTP cuando se siguen redirecciones HTTP a un host diferente. Esto es similar a CVE-2018-1000007 An exposure flaw was found in Puppet Agent and Puppet Server where HTTP credentials were leaked. When the HTTP redirects occurred, the authentication and cookie header was added when following redirects to a different host. This flaw allows an unauthorized network attacker to access sensitive information. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7 https://puppet.com/security/cve/CVE-2021-27023 https://access.redhat.com/security/cve/CVE-2021-27023 https://bugzilla.redhat.com/show_bug.cgi?id=2023859 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-7943 – puppet: puppet server and puppetDB may leak sensitive information via metrics API
https://notcve.org/view.php?id=CVE-2020-7943
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default. • https://puppet.com/security/cve/CVE-2020-7943 https://access.redhat.com/security/cve/CVE-2020-7943 https://bugzilla.redhat.com/show_bug.cgi?id=1828486 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions •
CVE-2018-11751 – puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL
https://notcve.org/view.php?id=CVE-2018-11751
Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0. Las versiones anteriores de Puppet Agent no comprobaban el peer en la conexión SSL antes de descargar la CRL. Este problema es resuelto en Puppet Agent versión 6.4.0. A flaw was found in Puppet, where the Puppet Agent did not verify the peer in the SSL connection before downloading to the Certificate Revocation List (CRL). • https://puppet.com/security/cve/CVE-2018-11751 https://access.redhat.com/security/cve/CVE-2018-11751 https://bugzilla.redhat.com/show_bug.cgi?id=1788261 • CWE-295: Improper Certificate Validation CWE-862: Missing Authorization •
CVE-2016-2785
https://notcve.org/view.php?id=CVE-2016-2785
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding. Puppet Server en versiones anteriores a 2.3.2 y Ruby puppetmaster en Puppet 4.x en versiones anteriores a 4.4.2 y en Puppet Agent en versiones anteriores a 1.4.2 podría permitir a atacantes remotos eludir las restricciones destinas al acceso auth.conf aprovechando una decodificación URL incorrecta. • https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2 https://puppet.com/security/cve/cve-2016-2785 https://security.gentoo.org/glsa/201606-02 • CWE-284: Improper Access Control •
CVE-2014-7170
https://notcve.org/view.php?id=CVE-2014-7170
Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service. Condición de carrera en Puppet Server 0.2.0 permite a usuarios locales obtener información sensible accediendo durante la instalación de un paquete o la actualización y durante el arranque del servicio. • http://puppetlabs.com/security/cve/cve-2014-7170 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •