Ruby/puppet/6.11.0
Puppet, an automated configuration management tool
https://rubygems.org/gems/puppet
UNKNOWN
6 Security Vulnerabilities
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
Published date: 2021-12-02T17:52:45Z
CVE: CVE-2021-27023
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-27023
- https://puppet.com/security/cve/CVE-2021-27023
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
- https://github.com/advisories/GHSA-93j5-g845-9wqp
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
Affected versions:
["6.19.1", "6.19.0", "6.18.0", "6.17.0", "6.16.0", "6.15.0", "6.14.0", "6.13.0", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.5.22", "5.5.21", "5.5.20", "5.5.19", "5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "6.20.0", "6.21.0", "6.21.1", "6.22.1", "6.23.0", "6.24.0", "6.25.0", "7.0.0", "7.1.0", "7.3.0", "7.4.0", "7.4.1", "7.5.0", "7.6.1", "7.7.0", "7.8.0", "7.9.0", "7.10.0", "7.11.0", "7.12.0"]
Secure versions:
[7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0]
Recommendation:
Update to version 8.6.0.
Improper Certificate Validation in Puppet
Published date: 2021-04-13T15:42:19Z
CVE: CVE-2020-7942
Links:
Previously, Puppet operated on the model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting strict_hostname_checking = true in puppet.conf on your Puppet master. Puppet 6.13.0 changes the default behavior for stricthostnamechecking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set stricthostnamechecking to true to ensure secure behavior.
Affected versions:
["5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0"]
Secure versions:
[7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0]
Recommendation:
Update to version 8.6.0.
Silent Configuration Failure in Puppet Agent
Published date: 2021-12-02T17:54:25Z
CVE: CVE-2021-27025
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-27025
- https://puppet.com/security/cve/cve-2021-27025
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
- https://github.com/advisories/GHSA-q4g7-jrxv-67r9
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27025.yml
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
Affected versions:
["6.19.1", "6.19.0", "6.18.0", "6.17.0", "6.16.0", "6.15.0", "6.14.0", "6.13.0", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.5.22", "5.5.21", "5.5.20", "5.5.19", "5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "6.20.0", "6.21.0", "6.21.1", "6.22.1", "6.23.0", "6.24.0", "6.25.0", "7.0.0", "7.1.0", "7.3.0", "7.4.0", "7.4.1", "7.5.0", "7.6.1", "7.7.0", "7.8.0", "7.9.0", "7.10.0", "7.11.0", "7.12.0"]
Secure versions:
[7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0]
Recommendation:
Update to version 8.6.0.
Improper Certificate Validation in Puppet
Published date: 2021-04-13
CVE: 2020-7942
CVSS V3: 6.5
Previously, Puppet operated on a model that a node with a valid certificate
was entitled to all information in the system and that a compromised certificate
allowed access to everything in the infrastructure. When a node's catalog falls
back to the default node, the catalog can be retrieved for a different node by
modifying facts for the Puppet run. This issue can be mitigated by setting
strict_hostname_checking = true in puppet.conf on your Puppet master. Puppet
6.13.0 changes the default behavior for stricthostnamechecking from false to
true. It is recommended that Puppet Open Source and Puppet Enterprise users that
are not upgrading still set strict_hostname_checking to true to ensure secure
behavior.
Affected versions:
["6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2"]
Secure versions:
[7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0]
Recommendation:
Update to version 8.6.0.
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
Published date: 2021-12-02
CVE: 2021-27023
CVSS V3: 6.5
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
Affected versions:
["6.19.1", "6.19.0", "6.18.0", "6.17.0", "6.16.0", "6.15.0", "6.14.0", "6.13.0", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.5.22", "5.5.21", "5.5.20", "5.5.19", "5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "7.0.0", "7.1.0", "7.3.0", "6.20.0", "7.4.0", "6.21.0", "7.4.1", "6.21.1", "7.5.0", "7.6.1", "6.22.1", "7.7.0", "7.8.0", "6.23.0", "7.9.0", "6.24.0", "7.10.0", "7.11.0", "7.12.0", "6.26.0", "6.27.0", "6.28.0", "6.29.0"]
Secure versions:
[7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0]
Recommendation:
Update to version 8.6.0.
Silent Configuration Failure in Puppet Agent
Published date: 2021-12-02
CVE: 2021-27025
CVSS V3: 6.5
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
Affected versions:
["6.19.1", "6.19.0", "6.18.0", "6.17.0", "6.16.0", "6.15.0", "6.14.0", "6.13.0", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.5.22", "5.5.21", "5.5.20", "5.5.19", "5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "7.0.0", "7.1.0", "7.3.0", "6.20.0", "7.4.0", "6.21.0", "7.4.1", "6.21.1", "7.5.0", "7.6.1", "6.22.1", "7.7.0", "7.8.0", "6.23.0", "7.9.0", "6.24.0", "7.10.0", "7.11.0", "7.12.0", "6.26.0", "6.27.0", "6.28.0", "6.29.0"]
Secure versions:
[7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0]
Recommendation:
Update to version 8.6.0.
291 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 3.2.3 | UNKNOWN | 13 | 2013-07-15 - 18:39 | almost 11 years |
| 3.2.3.rc1 | UNKNOWN | 13 | 2013-07-03 - 00:14 | almost 11 years |
| 3.2.2 | UNKNOWN | 13 | 2013-06-18 - 17:04 | almost 11 years |
| 3.2.1 | UNKNOWN | 15 | 2013-05-22 - 18:58 | almost 11 years |
| 3.2.1.rc1 | UNKNOWN | 15 | 2013-05-17 - 22:56 | almost 11 years |
| 3.2.0.rc2 | UNKNOWN | 13 | 2013-05-07 - 17:40 | about 11 years |
| 3.2.0.rc1 | UNKNOWN | 13 | 2013-04-18 - 20:38 | about 11 years |
| 3.1.1 | UNKNOWN | 13 | 2013-03-12 - 16:58 | about 11 years |
| 3.1.0 | UNKNOWN | 15 | 2013-02-04 - 19:25 | over 11 years |
| 3.1.0.rc2 | UNKNOWN | 14 | 2013-01-25 - 23:24 | over 11 years |
| 3.1.0.rc1 | UNKNOWN | 14 | 2013-01-09 - 22:34 | over 11 years |
| 3.0.2 | UNKNOWN | 14 | 2012-12-27 - 00:13 | over 11 years |
| 3.0.2.rc3 | UNKNOWN | 14 | 2012-12-14 - 23:15 | over 11 years |
| 3.0.2.rc2 | UNKNOWN | 14 | 2012-12-12 - 00:39 | over 11 years |
| 3.0.2.rc1 | UNKNOWN | 14 | 2012-12-04 - 19:05 | over 11 years |
| 3.0.1 | UNKNOWN | 14 | 2012-10-18 - 18:44 | over 11 years |
| 3.0.1.rc1 | UNKNOWN | 14 | 2012-10-12 - 06:12 | over 11 years |
| 3.0.0 | UNKNOWN | 14 | 2012-09-28 - 18:21 | over 11 years |
| 3.0.0.rc8 | UNKNOWN | 13 | 2012-09-25 - 21:32 | over 11 years |
| 3.0.0.rc7 | UNKNOWN | 13 | 2012-09-21 - 22:50 | over 11 years |
| 3.0.0.rc5 | UNKNOWN | 13 | 2012-08-29 - 23:49 | over 11 years |
| 3.0.0.rc4 | UNKNOWN | 13 | 2012-08-25 - 00:23 | over 11 years |
| 2.7.26 | UNKNOWN | 9 | 2014-06-10 - 18:15 | almost 10 years |
| 2.7.25 | UNKNOWN | 10 | 2014-01-07 - 18:14 | over 10 years |
| 2.7.24 | UNKNOWN | 10 | 2013-12-26 - 23:45 | over 10 years |
| 2.7.23 | UNKNOWN | 10 | 2013-08-15 - 16:14 | over 10 years |
| 2.7.22 | UNKNOWN | 11 | 2013-06-18 - 17:04 | almost 11 years |
| 2.7.21 | UNKNOWN | 12 | 2013-03-12 - 18:15 | about 11 years |
| 2.7.20 | UNKNOWN | 13 | 2012-11-20 - 02:22 | over 11 years |
| 2.7.20.rc1 | UNKNOWN | 13 | 2012-11-10 - 17:08 | over 11 years |
| 2.7.19 | UNKNOWN | 13 | 2012-08-21 - 21:54 | over 11 years |
| 2.7.18 | UNKNOWN | 13 | 2012-07-11 - 01:04 | almost 12 years |
| 2.7.17 | UNKNOWN | 21 | 2012-06-20 - 00:25 | almost 12 years |
| 2.7.16 | UNKNOWN | 21 | 2012-06-14 - 01:36 | almost 12 years |
| 2.7.14 | UNKNOWN | 21 | 2012-05-02 - 18:33 | about 12 years |
| 2.7.13 | UNKNOWN | 21 | 2012-04-11 - 01:09 | about 12 years |
| 2.7.12 | UNKNOWN | 29 | 2012-03-12 - 17:38 | about 12 years |
| 2.7.11 | UNKNOWN | 29 | 2012-02-23 - 05:34 | about 12 years |
| 2.7.9 | UNKNOWN | 31 | 2011-12-10 - 02:51 | over 12 years |
| 2.7.8 | UNKNOWN | 31 | 2011-12-09 - 06:47 | over 12 years |
| 2.7.6 | UNKNOWN | 31 | 2011-10-24 - 19:57 | over 12 years |
| 2.7.5 | UNKNOWN | 31 | 2011-09-30 - 21:58 | over 12 years |
| 2.7.4 | UNKNOWN | 37 | 2011-09-28 - 23:35 | over 12 years |
| 2.7.3 | UNKNOWN | 37 | 2011-08-15 - 17:51 | over 12 years |
| 2.7.1 | UNKNOWN | 37 | 2011-06-22 - 22:41 | almost 13 years |
| 2.6.18 | UNKNOWN | 14 | 2013-03-12 - 16:57 | about 11 years |
| 2.6.17 | UNKNOWN | 14 | 2012-07-11 - 01:03 | almost 12 years |
| 2.6.16 | UNKNOWN | 16 | 2012-04-11 - 19:38 | about 12 years |
| 2.6.15 | UNKNOWN | 16 | 2012-04-11 - 01:09 | about 12 years |
| 2.6.14 | UNKNOWN | 19 | 2012-02-23 - 05:34 | about 12 years |
| 2.6.13 | UNKNOWN | 20 | 2011-12-12 - 22:53 | over 12 years |
| 2.6.12 | UNKNOWN | 20 | 2011-10-24 - 19:57 | over 12 years |
| 2.6.11 | UNKNOWN | 20 | 2011-09-30 - 21:57 | over 12 years |
| 2.6.10 | UNKNOWN | 23 | 2011-09-28 - 23:35 | over 12 years |
| 2.6.9 | UNKNOWN | 23 | 2011-06-21 - 22:05 | almost 13 years |
| 2.6.8 | UNKNOWN | 23 | 2011-04-27 - 21:15 | about 13 years |
| 2.6.7 | UNKNOWN | 23 | 2011-03-24 - 22:35 | about 13 years |
| 2.6.6 | UNKNOWN | 23 | 2011-03-09 - 22:47 | about 13 years |
| 2.6.5 | UNKNOWN | 23 | 2011-03-01 - 01:03 | about 13 years |
| 2.6.4 | UNKNOWN | 23 | 2010-12-01 - 21:05 | over 13 years |
| 2.6.3 | UNKNOWN | 25 | 2010-11-16 - 23:09 | over 13 years |
| 2.6.2 | UNKNOWN | 25 | 2010-10-07 - 19:18 | over 13 years |
| 2.6.1 | UNKNOWN | 25 | 2010-09-14 - 01:54 | over 13 years |
| 2.6.0 | UNKNOWN | 25 | 2010-07-20 - 04:31 | almost 14 years |
| 0.25.5 | UNKNOWN | 24 | 2010-05-18 - 00:42 | almost 14 years |
| 0.25.4 | UNKNOWN | 24 | 2010-01-29 - 07:13 | over 14 years |
| 0.25.3 | UNKNOWN | 24 | 2010-01-12 - 02:28 | over 14 years |
| 0.25.2 | UNKNOWN | 24 | 2010-01-05 - 06:31 | over 14 years |
| 0.25.1 | UNKNOWN | 26 | 2009-10-27 - 10:00 | over 14 years |
| 0.25.0 | UNKNOWN | 26 | 2009-09-24 - 22:19 | over 14 years |
| 0.24.9 | UNKNOWN | 24 | 2010-01-05 - 10:02 | over 14 years |
| 0.24.8 | UNKNOWN | 25 | 2009-07-25 - 18:02 | almost 15 years |
| 0.24.7 | UNKNOWN | 25 | 2009-07-25 - 18:02 | almost 15 years |
| 0.24.6 | UNKNOWN | 25 | 2009-07-25 - 18:02 | almost 15 years |
| 0.24.5 | UNKNOWN | 25 | 2009-07-25 - 18:02 | almost 15 years |
| 0.24.4 | UNKNOWN | 25 | 2009-07-25 - 18:02 | almost 15 years |
| 0.24.3 | UNKNOWN | 25 | 2009-07-25 - 18:02 | almost 15 years |
| 0.24.2 | UNKNOWN | 25 | 2009-07-25 - 18:02 | almost 15 years |
| 0.24.1 | UNKNOWN | 25 | 2009-07-25 - 18:02 | almost 15 years |
| 0.24.0 | UNKNOWN | 25 | 2009-07-25 - 18:02 | almost 15 years |
| 0.23.2 | UNKNOWN | 24 | 2009-07-25 - 18:02 | almost 15 years |
| 0.23.1 | UNKNOWN | 24 | 2009-07-25 - 18:02 | almost 15 years |
| 0.23.0 | UNKNOWN | 24 | 2009-07-25 - 18:02 | almost 15 years |
| 0.22.4 | UNKNOWN | 24 | 2009-07-25 - 18:02 | almost 15 years |
| 0.18.4 | UNKNOWN | 24 | 2009-07-25 - 18:02 | almost 15 years |
| 0.16.0 | UNKNOWN | 24 | 2009-07-25 - 18:02 | almost 15 years |
| 0.13.6 | UNKNOWN | 24 | 2009-07-25 - 18:02 | almost 15 years |
| 0.13.2 | UNKNOWN | 24 | 2009-07-25 - 18:02 | almost 15 years |
| 0.13.1 | UNKNOWN | 24 | 2009-07-25 - 18:02 | almost 15 years |
| 0.13.0 | UNKNOWN | 24 | 2009-07-25 - 18:02 | almost 15 years |
| 0.9.2 | UNKNOWN | 24 | 2009-07-25 - 18:02 | almost 15 years |