puppet

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Server automation framework and application
Version 7.18.0-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2541 7.12.0-1 7.12.1-1 Medium Fixed
AVG-2105 6.22.1-1 6.23.0-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-27025 AVG-2541 Medium Yes Denial of service
A security issue was discovered in Puppet before version 7.12.1 where the agent may silently ignore Augeas settings or may be vulnerable to a denial of...
CVE-2021-27023 AVG-2541 Medium Yes Information disclosure
A security issue was discovered in Puppet before version 7.12.1 that may result in a leak of HTTP credentials when following HTTP redirects to a different...
CVE-2021-27021 AVG-2105 Medium Yes Privilege escalation
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. This has been...

Advisories

Date Advisory Group Severity Type
01 Jul 2021 ASA-202107-8 AVG-2105 Medium privilege escalation