GHSA-q4g7-jrxv-67r9

Source

https://github.com/advisories/GHSA-q4g7-jrxv-67r9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-q4g7-jrxv-67r9/GHSA-q4g7-jrxv-67r9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-q4g7-jrxv-67r9

Aliases

CVE-2021-27025

Published

2021-12-02T17:54:25Z

Modified

2024-11-29T05:38:21.945843Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Silent Configuration Failure in Puppet Agent

Details

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.

Database specific

{
    "github_reviewed_at": "2021-11-30T14:35:55Z",
    "nvd_published_at": "2021-11-18T15:15:00Z",
    "severity": "MODERATE",
    "cwe_ids": [],
    "github_reviewed": true
}

References

Affected packages

RubyGems / puppet

Package

Name: puppet
Purl: pkg:gem/puppet

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.0

Fixed

7.12.1

Affected versions

7.*

7.0.0

7.1.0

7.3.0

7.4.0

7.4.1

7.5.0

7.6.1

7.7.0

7.8.0

7.9.0

7.10.0

7.11.0

7.12.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-q4g7-jrxv-67r9/GHSA-q4g7-jrxv-67r9.json"

RubyGems / puppet

Package

Name: puppet
Purl: pkg:gem/puppet

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.25.1

Affected versions

0.*

0.9.2

0.13.0

0.13.1

0.13.2

0.13.6

0.16.0

0.18.4

0.22.4

0.23.0

0.23.1

0.23.2

0.24.0

0.24.1

0.24.2

0.24.3

0.24.4

0.24.5

0.24.6

0.24.7

0.24.8

0.24.9

0.25.0

0.25.1

0.25.2

0.25.3

0.25.4

0.25.5

2.*

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.6.10

2.6.11

2.6.12

2.6.13

2.6.14

2.6.15

2.6.16

2.6.17

2.6.18

2.7.1

2.7.3

2.7.4

2.7.5

2.7.6

2.7.8

2.7.9

2.7.11

2.7.12

2.7.13

2.7.14

2.7.16

2.7.17

2.7.18

2.7.19

2.7.20.rc1

2.7.20

2.7.21

2.7.22

2.7.23

2.7.24

2.7.25

2.7.26

3.*

3.0.0.rc4

3.0.0.rc5

3.0.0.rc7

3.0.0.rc8

3.0.0

3.0.1.rc1

3.0.1

3.0.2.rc1

3.0.2.rc2

3.0.2.rc3

3.0.2

3.1.0.rc1

3.1.0.rc2

3.1.0

3.1.1

3.2.0.rc1

3.2.0.rc2

3.2.1.rc1

3.2.1

3.2.2

3.2.3.rc1

3.2.3

3.2.4

3.3.0.rc2

3.3.0.rc3

3.3.0

3.3.1.rc1

3.3.1.rc2

3.3.1.rc3

3.3.1

3.3.2

3.4.0.rc1

3.4.0.rc2

3.4.0

3.4.1

3.4.2

3.4.3

3.5.0.rc1

3.5.0.rc2

3.5.0.rc3

3.5.1.rc1

3.5.1

3.6.0.rc1

3.6.0

3.6.1

3.6.2

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.7.5

3.8.1

3.8.2

3.8.3

3.8.4

3.8.5

3.8.6

3.8.7

4.*

4.0.0.rc1

4.0.0

4.1.0

4.2.0

4.2.1

4.2.2

4.2.3

4.3.0

4.3.1

4.3.2

4.4.0

4.4.1

4.4.2

4.5.0

4.5.1

4.5.2

4.5.3

4.6.1

4.6.2

4.7.0

4.7.1

4.8.0

4.8.1

4.8.2

4.9.0

4.9.1

4.9.2

4.9.3

4.9.4

4.10.0

4.10.1

4.10.4

4.10.5

4.10.6

4.10.7

4.10.8

4.10.9

4.10.10

4.10.11

4.10.12

5.*

5.0.0

5.0.1

5.1.0

5.2.0

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.4.0

5.5.0

5.5.1

5.5.2

5.5.3

5.5.6

5.5.7

5.5.8

5.5.10

5.5.12

5.5.13

5.5.14

5.5.16

5.5.17

5.5.18

5.5.19

5.5.20

5.5.21

5.5.22

6.*

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.7

6.0.8

6.0.9

6.0.10

6.1.0

6.2.0

6.3.0

6.4.0

6.4.1

6.4.2

6.4.3

6.4.4

6.4.5

6.5.0

6.6.0

6.7.0

6.7.2

6.8.0

6.8.1

6.9.0

6.10.0

6.10.1

6.11.0

6.11.1

6.12.0

6.13.0

6.14.0

6.15.0

6.16.0

6.17.0

6.18.0

6.19.0

6.19.1

6.20.0

6.21.0

6.21.1

6.22.1

6.23.0

6.24.0

6.25.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-q4g7-jrxv-67r9/GHSA-q4g7-jrxv-67r9.json"