CVSS 3 Base Score:

Posted On:

Assessed Risk Level:
Low

On March 31, 2021, curl published security updates addressing CVE-2021-22876 and CVE-2021-22890. Previous releases of Puppet Agent contain a vulnerable version of curl. Puppet Agent 6.22.1 and 7.6.1 contain an updated version of curl that has patched the vulnerability

For more information about this vulnerability, refer to the security announcements for:

Status:

Affected software versions:
  • Puppet Agent 6.x prior to 6.22.1
  • Puppet Agent 7.x prior to 7.6.1
  • Puppet Enterprise prior to 2019.8.6
Resolved in:
  • Puppet Agent 6.22.1
  • Puppet Agent 7.6.1
  • Puppet Enterprise 2019.8.6
  • Puppet Enterprise 2021.1.0