Ruby/puppet/6.20.0

Puppet, an automated configuration management tool

Repo Link: https://rubygems.org/gems/puppet
License: UNKNOWN

4 Security Vulnerabilities

Unsafe HTTP Redirect in Puppet Agent and Puppet Server

Published date: 2021-12-02T17:52:45Z

CVE: CVE-2021-27023

Links:

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

Affected versions: ["6.19.1", "6.19.0", "6.18.0", "6.17.0", "6.16.0", "6.15.0", "6.14.0", "6.13.0", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.5.22", "5.5.21", "5.5.20", "5.5.19", "5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "6.20.0", "6.21.0", "6.21.1", "6.22.1", "6.23.0", "6.24.0", "6.25.0", "7.0.0", "7.1.0", "7.3.0", "7.4.0", "7.4.1", "7.5.0", "7.6.1", "7.7.0", "7.8.0", "7.9.0", "7.10.0", "7.11.0", "7.12.0"]

Secure versions: [7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0]

Recommendation: Update to version 8.6.0.

Silent Configuration Failure in Puppet Agent

Published date: 2021-12-02T17:54:25Z

CVE: CVE-2021-27025

Links:

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.

Recommendation: Update to version 8.6.0.

Unsafe HTTP Redirect in Puppet Agent and Puppet Server

Published date: 2021-12-02

CVE: 2021-27023

CVSS V3: 6.5

Links:

https://puppet.com/security/cve/CVE-2021-27023

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

Affected versions: ["6.19.1", "6.19.0", "6.18.0", "6.17.0", "6.16.0", "6.15.0", "6.14.0", "6.13.0", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.5.22", "5.5.21", "5.5.20", "5.5.19", "5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "7.0.0", "7.1.0", "7.3.0", "6.20.0", "7.4.0", "6.21.0", "7.4.1", "6.21.1", "7.5.0", "7.6.1", "6.22.1", "7.7.0", "7.8.0", "6.23.0", "7.9.0", "6.24.0", "7.10.0", "7.11.0", "7.12.0", "6.26.0", "6.27.0", "6.28.0", "6.29.0"]

Recommendation: Update to version 8.6.0.

Silent Configuration Failure in Puppet Agent

Published date: 2021-12-02

CVE: 2021-27025

CVSS V3: 6.5

Links:

https://puppet.com/security/cve/cve-2021-27025

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.

Affected versions: ["6.19.1", "6.19.0", "6.18.0", "6.17.0", "6.16.0", "6.15.0", "6.14.0", "6.13.0", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.5.22", "5.5.21", "5.5.20", "5.5.19", "5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "7.0.0", "7.1.0", "7.3.0", "6.20.0", "7.4.0", "6.21.0", "7.4.1", "6.21.1", "7.5.0", "7.6.1", "6.22.1", "7.7.0", "7.8.0", "6.23.0", "7.9.0", "6.24.0", "7.10.0", "7.11.0", "7.12.0", "6.26.0", "6.27.0", "6.28.0", "6.29.0"]

Recommendation: Update to version 8.6.0.

291 Other Versions

Version	License	Security	Released
3.2.3	UNKNOWN	13	2013-07-15 - 18:39	almost 11 years
3.2.3.rc1	UNKNOWN	13	2013-07-03 - 00:14	almost 11 years
3.2.2	UNKNOWN	13	2013-06-18 - 17:04	almost 11 years
3.2.1	UNKNOWN	15	2013-05-22 - 18:58	almost 11 years
3.2.1.rc1	UNKNOWN	15	2013-05-17 - 22:56	almost 11 years
3.2.0.rc2	UNKNOWN	13	2013-05-07 - 17:40	about 11 years
3.2.0.rc1	UNKNOWN	13	2013-04-18 - 20:38	about 11 years
3.1.1	UNKNOWN	13	2013-03-12 - 16:58	about 11 years
3.1.0	UNKNOWN	15	2013-02-04 - 19:25	over 11 years
3.1.0.rc2	UNKNOWN	14	2013-01-25 - 23:24	over 11 years
3.1.0.rc1	UNKNOWN	14	2013-01-09 - 22:34	over 11 years
3.0.2	UNKNOWN	14	2012-12-27 - 00:13	over 11 years
3.0.2.rc3	UNKNOWN	14	2012-12-14 - 23:15	over 11 years
3.0.2.rc2	UNKNOWN	14	2012-12-12 - 00:39	over 11 years
3.0.2.rc1	UNKNOWN	14	2012-12-04 - 19:05	over 11 years
3.0.1	UNKNOWN	14	2012-10-18 - 18:44	over 11 years
3.0.1.rc1	UNKNOWN	14	2012-10-12 - 06:12	over 11 years
3.0.0	UNKNOWN	14	2012-09-28 - 18:21	over 11 years
3.0.0.rc8	UNKNOWN	13	2012-09-25 - 21:32	over 11 years
3.0.0.rc7	UNKNOWN	13	2012-09-21 - 22:50	over 11 years
3.0.0.rc5	UNKNOWN	13	2012-08-29 - 23:49	over 11 years
3.0.0.rc4	UNKNOWN	13	2012-08-25 - 00:23	over 11 years
2.7.26	UNKNOWN	9	2014-06-10 - 18:15	almost 10 years
2.7.25	UNKNOWN	10	2014-01-07 - 18:14	over 10 years
2.7.24	UNKNOWN	10	2013-12-26 - 23:45	over 10 years
2.7.23	UNKNOWN	10	2013-08-15 - 16:14	over 10 years
2.7.22	UNKNOWN	11	2013-06-18 - 17:04	almost 11 years
2.7.21	UNKNOWN	12	2013-03-12 - 18:15	about 11 years
2.7.20	UNKNOWN	13	2012-11-20 - 02:22	over 11 years
2.7.20.rc1	UNKNOWN	13	2012-11-10 - 17:08	over 11 years
2.7.19	UNKNOWN	13	2012-08-21 - 21:54	over 11 years
2.7.18	UNKNOWN	13	2012-07-11 - 01:04	almost 12 years
2.7.17	UNKNOWN	21	2012-06-20 - 00:25	almost 12 years
2.7.16	UNKNOWN	21	2012-06-14 - 01:36	almost 12 years
2.7.14	UNKNOWN	21	2012-05-02 - 18:33	about 12 years
2.7.13	UNKNOWN	21	2012-04-11 - 01:09	about 12 years
2.7.12	UNKNOWN	29	2012-03-12 - 17:38	about 12 years
2.7.11	UNKNOWN	29	2012-02-23 - 05:34	about 12 years
2.7.9	UNKNOWN	31	2011-12-10 - 02:51	over 12 years
2.7.8	UNKNOWN	31	2011-12-09 - 06:47	over 12 years
2.7.6	UNKNOWN	31	2011-10-24 - 19:57	over 12 years
2.7.5	UNKNOWN	31	2011-09-30 - 21:58	over 12 years
2.7.4	UNKNOWN	37	2011-09-28 - 23:35	over 12 years
2.7.3	UNKNOWN	37	2011-08-15 - 17:51	over 12 years
2.7.1	UNKNOWN	37	2011-06-22 - 22:41	almost 13 years
2.6.18	UNKNOWN	14	2013-03-12 - 16:57	about 11 years
2.6.17	UNKNOWN	14	2012-07-11 - 01:03	almost 12 years
2.6.16	UNKNOWN	16	2012-04-11 - 19:38	about 12 years
2.6.15	UNKNOWN	16	2012-04-11 - 01:09	about 12 years
2.6.14	UNKNOWN	19	2012-02-23 - 05:34	about 12 years
2.6.13	UNKNOWN	20	2011-12-12 - 22:53	over 12 years
2.6.12	UNKNOWN	20	2011-10-24 - 19:57	over 12 years
2.6.11	UNKNOWN	20	2011-09-30 - 21:57	over 12 years
2.6.10	UNKNOWN	23	2011-09-28 - 23:35	over 12 years
2.6.9	UNKNOWN	23	2011-06-21 - 22:05	almost 13 years
2.6.8	UNKNOWN	23	2011-04-27 - 21:15	about 13 years
2.6.7	UNKNOWN	23	2011-03-24 - 22:35	about 13 years
2.6.6	UNKNOWN	23	2011-03-09 - 22:47	about 13 years
2.6.5	UNKNOWN	23	2011-03-01 - 01:03	about 13 years
2.6.4	UNKNOWN	23	2010-12-01 - 21:05	over 13 years
2.6.3	UNKNOWN	25	2010-11-16 - 23:09	over 13 years
2.6.2	UNKNOWN	25	2010-10-07 - 19:18	over 13 years
2.6.1	UNKNOWN	25	2010-09-14 - 01:54	over 13 years
2.6.0	UNKNOWN	25	2010-07-20 - 04:31	almost 14 years
0.25.5	UNKNOWN	24	2010-05-18 - 00:42	almost 14 years
0.25.4	UNKNOWN	24	2010-01-29 - 07:13	over 14 years
0.25.3	UNKNOWN	24	2010-01-12 - 02:28	over 14 years
0.25.2	UNKNOWN	24	2010-01-05 - 06:31	over 14 years
0.25.1	UNKNOWN	26	2009-10-27 - 10:00	over 14 years
0.25.0	UNKNOWN	26	2009-09-24 - 22:19	over 14 years
0.24.9	UNKNOWN	24	2010-01-05 - 10:02	over 14 years
0.24.8	UNKNOWN	25	2009-07-25 - 18:02	almost 15 years
0.24.7	UNKNOWN	25	2009-07-25 - 18:02	almost 15 years
0.24.6	UNKNOWN	25	2009-07-25 - 18:02	almost 15 years
0.24.5	UNKNOWN	25	2009-07-25 - 18:02	almost 15 years
0.24.4	UNKNOWN	25	2009-07-25 - 18:02	almost 15 years
0.24.3	UNKNOWN	25	2009-07-25 - 18:02	almost 15 years
0.24.2	UNKNOWN	25	2009-07-25 - 18:02	almost 15 years
0.24.1	UNKNOWN	25	2009-07-25 - 18:02	almost 15 years
0.24.0	UNKNOWN	25	2009-07-25 - 18:02	almost 15 years
0.23.2	UNKNOWN	24	2009-07-25 - 18:02	almost 15 years
0.23.1	UNKNOWN	24	2009-07-25 - 18:02	almost 15 years
0.23.0	UNKNOWN	24	2009-07-25 - 18:02	almost 15 years
0.22.4	UNKNOWN	24	2009-07-25 - 18:02	almost 15 years
0.18.4	UNKNOWN	24	2009-07-25 - 18:02	almost 15 years
0.16.0	UNKNOWN	24	2009-07-25 - 18:02	almost 15 years
0.13.6	UNKNOWN	24	2009-07-25 - 18:02	almost 15 years
0.13.2	UNKNOWN	24	2009-07-25 - 18:02	almost 15 years
0.13.1	UNKNOWN	24	2009-07-25 - 18:02	almost 15 years
0.13.0	UNKNOWN	24	2009-07-25 - 18:02	almost 15 years
0.9.2	UNKNOWN	24	2009-07-25 - 18:02	almost 15 years