CVSS 3 Base Score:

Posted On:

Assessed Risk Level:
High

On March 25, 2021, OpenSSL published security updates addressing CVE-2021-3450 and CVE-2021-3449. Previous releases of Puppet Agent and Bolt contain a vulnerable version of OpenSSL. Puppet Agent 6.22.1, Puppet Agent 7.6.1, and Bolt 3.6.0 contain an updated version of OpenSSL that has patched the vulnerability.

For more information about this vulnerability, refer to the OpenSSL security announcement: https://www.openssl.org/news/secadv/20210325.txt.

Status:

Affected software versions:
  • Puppet Agent 6.x prior to 6.22.1
  • Puppet Agent 7.x prior to 7.6.1
  • Bolt versions prior to 3.6.0
  • Puppet Enterprise prior to 2019.8.6
Resolved in:
  • Puppet Agent 6.22.1
  • Puppet Agent 7.6.1
  • Bolt 3.6.0
  • Puppet Enterprise 2019.8.6
  • Puppet Enterprise 2021.1.0