CVE-2021-27025 - Silent Configuration Failure

  • Posted November 9, 2021

  • Assessed Risk Level: Medium

  • CVSS 3.1 Base Score: 6.3

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first pluginsync.

Status:

Affected software versions:

  • Puppet Enterprise prior to 2019.8.9
  • Puppet Enterprise prior to 2021.4.0
  • Puppet Agent prior to 6.25.1
  • Puppet Agent prior to 7.12.1
  • Puppet Agent 5.5.x

Resolved in:

  • Puppet Enterprise 2019.8.9
  • Puppet Enterprise 2021.4.0
  • Puppet Agent 6.25.1
  • Puppet Agent 7.12.1