Unsafe HTTP Redirect in Puppet Agent and Puppet Server
Published: December 02, 2021
SECURITY IDENTIFIERS
- CVE: CVE-2021-27023 (NVD)
- GHSA: GHSA-93j5-g845-9wqp
- Vendor Advisory: https://puppet.com/security/cve/CVE-2021-27023
GEM
SEVERITY
CVSS v3.x: 6.5 (Medium)
PATCHED VERSIONS
~> 6.25.1
>= 7.12.1
DESCRIPTION
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.
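
The check a redirect-following client needs to avoid this class of leak, as an added Ruby example (not Puppet's code or its actual fix): credential headers are dropped whenever the redirect target differs in scheme, host or port from the original request, which is slightly broader than the different-host case described above. The header list, helper names and hostnames are assumptions made for illustration.

```ruby
require 'uri'

# Headers treated as credentials here (an assumption for this example,
# not a list taken from Puppet).
CREDENTIAL_HEADERS = %w[authorization proxy-authorization cookie].freeze

# True when both URIs share scheme, host (case-insensitive) and port.
def same_origin?(a, b)
  a.scheme == b.scheme &&
    a.host.to_s.downcase == b.host.to_s.downcase &&
    a.port == b.port
end

# Given the URL that returned a 3xx response, its Location value and the
# headers of the original request, return [target_uri, headers_to_send].
# Relative Location values are resolved against the original URL.
def redirect_request(request_url, location, headers)
  from = URI.parse(request_url)
  to   = URI.join(request_url, location)

  # Refuse to follow redirects that leave HTTP(S) altogether.
  unless %w[http https].include?(to.scheme)
    raise ArgumentError, "unsupported redirect scheme: #{to.scheme.inspect}"
  end

  # Same origin: the credentials were meant for this server, keep them.
  return [to, headers.dup] if same_origin?(from, to)

  # Different origin: forward everything except credential headers.
  kept = headers.reject do |name, _value|
    CREDENTIAL_HEADERS.include?(name.to_s.downcase)
  end
  [to, kept]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample request; hostnames and header value are placeholders.
  sent = { 'Authorization' => 'Basic constructed-value', 'Accept' => 'application/json' }
  origin = 'https://puppet.example.test:8140/puppet/v3/file_content/a'

  ['/puppet/v3/file_content/b', 'https://files.example.net/b'].each do |loc|
    target, hdrs = redirect_request(origin, loc, sent)
    puts "#{target} -> #{hdrs.keys.join(', ')}"
  end
end
```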
