puppet
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Server automation framework and application |
| Version | 7.27.0-3 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2541 | 7.12.0-1 | 7.12.1-1 | Medium | Fixed | |
| AVG-2105 | 6.22.1-1 | 6.23.0-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-27025 | AVG-2541 | Medium | Yes | Denial of service | A security issue was discovered in Puppet before version 7.12.1 where the agent may silently ignore Augeas settings or may be vulnerable to a denial of... |
| CVE-2021-27023 | AVG-2541 | Medium | Yes | Information disclosure | A security issue was discovered in Puppet before version 7.12.1 that may result in a leak of HTTP credentials when following HTTP redirects to a different... |
| CVE-2021-27021 | AVG-2105 | Medium | Yes | Privilege escalation | A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. This has been... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 01 Jul 2021 | ASA-202107-8 | AVG-2105 | Medium | privilege escalation |