-
Posted November 9, 2021
-
Assessed Risk Level: Medium
-
CVSS 3.1 Base Score: 6.5
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.
Status:
Affected software versions:
- Puppet Enterprise prior to 2019.8.9
- Puppet Enterprise prior to 2021.4
- Puppet Server prior to 6.17.1
- Puppet Server prior to 7.4.2
- Puppet Agent prior to 6.25.1
- Puppet Agent prior to 7.12.1
Resolved in:
- Puppet Enterprise 2019.8.9
- Puppet Enterprise 2021.4
- Puppet Server 6.17.1
- Puppet Server 7.4.2
- Puppet Agent 6.25.1
- Puppet Agent 7.12.1