CVE-2021-27023
- Source
- https://cve.org/CVERecord?id=CVE-2021-27023
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27023.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-27023
- Aliases
- Downstream
- Related
- Published
- 2021-11-18T15:15:09.273Z
- Modified
- 2026-04-10T04:31:25.364833Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
- References
Affected packages
Git / github.com/puppetlabs/puppet-agent
Affected ranges
Affected versions
0.*
0.1.3
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.3.0
0.3.1
0.3.2
1.*
1.2.7
1.3.0
1.3.1
1.3.2
2.*
2.0.0-rc3
4.*
4.99.0
5.*
5.1.0
5.99.0
5.99.1
5.99.2
6.*
6.10.0
6.11.0
6.11.1
6.12.0
6.12.1
6.12.2
6.13.0
6.14.0
6.14.1
6.15.0
6.15.1
6.15.2
6.15.3
6.16.0
6.16.1
6.17.0
6.2.0
6.2.1
6.3.0
6.4.0
6.5.0
6.7.0
6.7.1
6.7.2
6.8.0
6.9.0
6.9.2
7.*
7.0.2
7.0.3
7.1.0
7.1.1
7.1.2
7.12.0
7.2.0
7.2.1
7.3.0
7.4.0
7.4.1
jvm-puppet-0.*
jvm-puppet-0.1.2
jvm-puppet-0.1.3
jvm-puppet-0.1.4
jvm-puppet-0.1.5
jvm-puppet-0.1.6
puppet-server-0.*
puppet-server-0.1.10
puppet-server-0.1.11
puppet-server-0.1.12
puppet-server-0.1.13
puppet-server-0.1.14
puppet-server-0.1.15
puppet-server-0.1.16
puppet-server-0.1.7
puppet-server-0.1.8
puppet-server-0.1.9
puppet-server-0.2.0
puppet-server-0.2.2
puppet-server-0.4.0
puppet-server-2.*
puppet-server-2.1.0
puppet-server-2.1.1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27023.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2019.8.9"
}
]
},
{
"events": [
{
"introduced": "2021.0.0"
},
{
"fixed": "2021.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "35"
}
]
}
]