CVE-2021-27023
puppet: unsafe HTTP redirect
Public Exploits: 0
Exploited in Wild: -
Descriptions
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.
An exposure flaw was found in Puppet Agent and Puppet Server where HTTP credentials were leaked. When HTTP redirects occurred, the authentication and cookie headers were added when following redirects to a different host. This flaw allows an unauthorized network attacker to access sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2021-02-09 CVE Reserved
- 2021-11-18 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Puppet | Puppet Agent | < 6.25.1 | - | Affected |
Puppet | Puppet Agent | >= 7.0.0 < 7.12.1 | - | Affected |
Puppet | Puppet Enterprise | < 2019.8.9 | - | Affected |
Puppet | Puppet Enterprise | >= 2021.0.0 < 2021.4 | - | Affected |
Puppet | Puppet Server | < 6.17.1 | - | Affected |
Puppet | Puppet Server | >= 7.0.0 < 7.4.2 | - | Affected |
Fedoraproject | Fedora | 35 | - | Affected |