CVE-2021-27023

Опубликовано: 09 нояб. 2021

Источник: redhat

CVSS3: 9.8

EPSS Низкий

Описание

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

An exposure flaw was found in Puppet Agent and Puppet Server where HTTP credentials were leaked. When the HTTP redirects occurred, the authentication and cookie header was added when following redirects to a different host. This flaw allows an unauthorized network attacker to access sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.

Отчет

Red Hat Satellite 6.8 and earlier versions are not affected by this vulnerability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenStack Platform 10 (Newton)	puppet	Not affected
Red Hat OpenStack Platform 13 (Queens)	puppet	Not affected
Red Hat OpenStack Platform 16.1	puppet	Not affected
Red Hat OpenStack Platform 16.2	puppet	Not affected
Red Hat Update Infrastructure 3 for Cloud Providers	puppet	Not affected
Red Hat Satellite 6.10 for RHEL 7	puppet-agent	Fixed	RHSA-2022:1708	04.05.2022
Red Hat Satellite 6.10 for RHEL 7	puppetserver	Fixed	RHSA-2022:1708	04.05.2022
Red Hat Satellite 6.10 for RHEL 7	puppet-agent	Fixed	RHSA-2022:1708	04.05.2022
Red Hat Satellite 6.10 for RHEL 7	puppetserver	Fixed	RHSA-2022:1708	04.05.2022
Red Hat Satellite 6.9 for RHEL 7	puppet-agent	Fixed	RHSA-2022:1478	20.04.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=2023859puppet: unsafe HTTP redirect

EPSS

Процентиль: 49%

0.00261

Низкий

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2021-27023

CVSS3: 9.8

ubuntu

больше 3 лет назад

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

CVE-2021-27023

CVSS3: 9.8

nvd

больше 3 лет назад

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

CVE-2021-27023

CVSS3: 9.8

debian

больше 3 лет назад

A flaw was discovered in Puppet Agent and Puppet Server that may resul ...

SUSE-SU-2022:3794-1

suse-cvrf

больше 2 лет назад

Security update for rubygem-puppet

SUSE-SU-2022:3355-1

suse-cvrf

почти 3 года назад

Security update for puppet

EPSS

Процентиль: 49%

0.00261

Низкий

9.8 Critical

CVSS3