CVE-2021-27023
Description
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.397
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-27023,CVE-2021-27025 are affected in Puppet Agent (x64) 4.5.0 | Windows |
| Vulnerabilities CVE-2021-27023,CVE-2021-27025 are affected in Puppet Agent (x64) 7.9.0 | Windows |
| Vulnerabilities CVE-2021-27023,CVE-2021-27025 are affected in Puppet Agent 4.5.0 | Windows |
| Vulnerabilities CVE-2021-27023,CVE-2021-27025 are affected in Puppet Agent 7.9.0 | Windows |
| Vulnerabilities CVE-2021-27025,CVE-2021-27023 are fixed in Ruby-puppet 7.12.1 | Windows |
| Vulnerabilities CVE-2021-27025,CVE-2021-27023 are fixed in Ruby-puppet 6.25.1 | Windows |
| (RHSA-2022:4866) Satellite Tools 6.10.5 Async Bug Fix Update puppet-agent-6.26.0-1.el7sat.x86_64.rpm | Linux |
| (RHSA-2022:4866) Satellite Tools 6.10.5 Async Bug Fix Update puppet-agent-6.26.0-1.el8sat.x86_64.rpm | Linux |
| Vulnerabilities CVE-2021-27025,CVE-2021-27023 are fixed in Ruby-puppet for Linux 7.12.1 | Linux |
| Vulnerabilities CVE-2021-27025,CVE-2021-27023 are fixed in Ruby-puppet for Linux 6.25.1 | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-342464 | Puppet Agent (x64) (8.10.0) |
| PATCH-342464 | Puppet Agent (x64) (8.10.0) |
| PATCH-342463 | Puppet Agent (8.10.0) |
| PATCH-342463 | Puppet Agent (8.10.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234