Silent Configuration Failure in Puppet Agent
Published: December 02, 2021
SECURITY IDENTIFIERS
- CVE: CVE-2021-27025 (NVD)
- GHSA: GHSA-q4g7-jrxv-67r9
- Vendor Advisory: https://puppet.com/security/cve/cve-2021-27025
GEM
SEVERITY
CVSS v3.x: 6.5 (Medium)
PATCHED VERSIONS
~> 6.25.1
>= 7.12.1
DESCRIPTION
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.