CVE-2021-44228 - log4j

  • Posted December 10, 2021 (Updated December 21, 2021)

  • Assessed Risk Level: Critical

  • CVSS 3.1 Base Score: 9.8

Continuous Delivery for Puppet Enterprise (CD4PE) and Puppet Comply were found vulnerable to CVE-2021-44228. CD4PE was vulnerable to Remote Code Execution (RCE) and Comply was found potentially vulnerable to privilege escalation.

Status:

Affected software versions:

  • CD4PE 3.x
  • CD4PE prior to 4.10.3
  • Comply prior to 2.2.1

Resolved in:

  • CD4PE 4.10.3
  • Comply 2.2.1