CVSS 3 Base Score: 6.5Posted On: November 9, 2021Assessed Risk Level: MediumA flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.Status:Affected software versions:Puppet Enterprise prior to 2019.8.9Puppet Enterprise prior to 2021.4Puppet Server prior to 6.17.1Puppet Server prior to 7.4.2Puppet Agent prior to 6.25.1Puppet Agent prior to 7.12.1Resolved in:Puppet Enterprise 2019.8.9Puppet Enterprise 2021.4Puppet Server 6.17.1Puppet Server 7.4.2Puppet Agent 6.25.1Puppet Agent 7.12.1← Back to CVE Listings