CVSS 3 Base Score:
6.5

Posted On:

Assessed Risk Level:
Medium

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.

Status:

Affected software versions:
  • Puppet Enterprise prior to 2019.8.9
  • Puppet Enterprise prior to 2021.4
  • Puppet Server prior to 6.17.1
  • Puppet Server prior to 7.4.2
  • Puppet Agent prior to 6.25.1
  • Puppet Agent prior to 7.12.1
Resolved in:
  • Puppet Enterprise 2019.8.9
  • Puppet Enterprise 2021.4
  • Puppet Server 6.17.1
  • Puppet Server 7.4.2
  • Puppet Agent 6.25.1
  • Puppet Agent 7.12.1
← Back to CVE Listings