Ruby/puppet/6.25.0
Puppet, an automated configuration management tool
https://rubygems.org/gems/puppet
Apache-2.0
2 Security Vulnerabilities
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
Published date: 2021-12-02T17:52:45Z
CVE: CVE-2021-27023
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-27023
- https://puppet.com/security/cve/CVE-2021-27023
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
- https://github.com/advisories/GHSA-93j5-g845-9wqp
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
Affected versions:
["6.19.1", "6.19.0", "6.18.0", "6.17.0", "6.16.0", "6.15.0", "6.14.0", "6.13.0", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.5.22", "5.5.21", "5.5.20", "5.5.19", "5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "6.20.0", "6.21.0", "6.21.1", "6.22.1", "6.23.0", "6.24.0", "6.25.0", "7.0.0", "7.1.0", "7.3.0", "7.4.0", "7.4.1", "7.5.0", "7.6.1", "7.7.0", "7.8.0", "7.9.0", "7.10.0", "7.11.0", "7.12.0"]
Secure versions:
[7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0]
Recommendation:
Update to version 8.6.0.
Silent Configuration Failure in Puppet Agent
Published date: 2021-12-02T17:54:25Z
CVE: CVE-2021-27025
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-27025
- https://puppet.com/security/cve/cve-2021-27025
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
- https://github.com/advisories/GHSA-q4g7-jrxv-67r9
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27025.yml
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
Affected versions:
["6.19.1", "6.19.0", "6.18.0", "6.17.0", "6.16.0", "6.15.0", "6.14.0", "6.13.0", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.5.22", "5.5.21", "5.5.20", "5.5.19", "5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "6.20.0", "6.21.0", "6.21.1", "6.22.1", "6.23.0", "6.24.0", "6.25.0", "7.0.0", "7.1.0", "7.3.0", "7.4.0", "7.4.1", "7.5.0", "7.6.1", "7.7.0", "7.8.0", "7.9.0", "7.10.0", "7.11.0", "7.12.0"]
Secure versions:
[7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0]
Recommendation:
Update to version 8.6.0.
291 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 8.6.0 | Apache-2.0 | 2024-04-11 - 16:35 | 19 days | |
| 8.5.1 | Apache-2.0 | 2024-03-05 - 22:23 | about 2 months | |
| 8.5.0 | Apache-2.0 | 2024-02-27 - 18:49 | 2 months | |
| 8.4.0 | Apache-2.0 | 2024-01-18 - 18:22 | 3 months | |
| 8.3.1 | Apache-2.0 | 2023-11-07 - 17:42 | 6 months | |
| 8.2.0 | Apache-2.0 | 2023-08-23 - 18:22 | 8 months | |
| 8.1.0 | Apache-2.0 | 2023-06-14 - 17:22 | 11 months | |
| 8.0.1 | Apache-2.0 | 2023-04-26 - 18:26 | about 1 year | |
| 8.0.0 | Apache-2.0 | 2023-04-25 - 18:59 | about 1 year | |
| 7.30.0 | Apache-2.0 | 2024-04-11 - 16:14 | 19 days | |
| 7.29.1 | Apache-2.0 | 2024-03-05 - 22:08 | about 2 months | |
| 7.29.0 | Apache-2.0 | 2024-02-27 - 18:28 | 2 months | |
| 7.28.0 | Apache-2.0 | 2024-01-18 - 17:49 | 3 months | |
| 7.27.0 | Apache-2.0 | 2023-11-07 - 17:20 | 6 months | |
| 7.26.0 | Apache-2.0 | 2023-08-23 - 18:19 | 8 months | |
| 7.25.0 | Apache-2.0 | 2023-06-14 - 17:26 | 11 months | |
| 7.24.0 | Apache-2.0 | 2023-04-06 - 16:30 | about 1 year | |
| 7.23.0 | Apache-2.0 | 2023-02-08 - 17:16 | about 1 year | |
| 7.22.0 | Apache-2.0 | 2023-01-25 - 00:50 | over 1 year | |
| 7.21.0 | Apache-2.0 | 2022-12-08 - 17:24 | over 1 year | |
| 7.20.0 | Apache-2.0 | 2022-10-11 - 16:17 | over 1 year | |
| 7.19.0 | Apache-2.0 | 2022-09-13 - 16:27 | over 1 year | |
| 7.18.0 | Apache-2.0 | 2022-08-02 - 16:46 | over 1 year | |
| 7.17.0 | Apache-2.0 | 2022-05-26 - 20:27 | almost 2 years | |
| 7.16.0 | Apache-2.0 | 2022-04-19 - 16:03 | about 2 years | |
| 7.15.0 | Apache-2.0 | 2022-03-22 - 17:11 | about 2 years | |
| 7.14.0 | Apache-2.0 | 2022-01-20 - 17:19 | over 2 years | |
| 7.13.1 | Apache-2.0 | 2021-12-13 - 17:14 | over 2 years | |
| 7.12.1 | Apache-2.0 | 2021-11-09 - 17:15 | over 2 years | |
| 7.12.0 | Apache-2.0 | 4 | 2021-10-12 - 16:12 | over 2 years |
| 7.11.0 | Apache-2.0 | 4 | 2021-09-16 - 16:05 | over 2 years |
| 7.10.0 | Apache-2.0 | 4 | 2021-08-17 - 16:05 | over 2 years |
| 7.9.0 | Apache-2.0 | 4 | 2021-07-20 - 17:30 | almost 3 years |
| 7.8.0 | UNKNOWN | 4 | 2021-06-24 - 16:13 | almost 3 years |
| 7.7.0 | UNKNOWN | 4 | 2021-06-01 - 16:06 | almost 3 years |
| 7.6.1 | UNKNOWN | 4 | 2021-04-26 - 17:40 | about 3 years |
| 7.5.0 | UNKNOWN | 4 | 2021-03-16 - 17:05 | about 3 years |
| 7.4.1 | UNKNOWN | 4 | 2021-02-16 - 17:55 | about 3 years |
| 7.4.0 | UNKNOWN | 4 | 2021-02-09 - 17:22 | about 3 years |
| 7.3.0 | UNKNOWN | 4 | 2021-01-20 - 17:15 | over 3 years |
| 7.1.0 | UNKNOWN | 4 | 2020-12-15 - 17:13 | over 3 years |
| 7.0.0 | UNKNOWN | 4 | 2020-11-19 - 17:48 | over 3 years |
| 6.29.0 | Apache-2.0 | 2 | 2023-01-25 - 00:38 | over 1 year |
| 6.28.0 | Apache-2.0 | 2 | 2022-08-02 - 16:46 | over 1 year |
| 6.27.0 | Apache-2.0 | 2 | 2022-04-19 - 16:04 | about 2 years |
| 6.26.0 | Apache-2.0 | 2 | 2022-01-20 - 17:19 | over 2 years |
| 6.25.1 | Apache-2.0 | 2021-11-09 - 17:14 | over 2 years | |
| 6.25.0 | Apache-2.0 | 2 | 2021-10-12 - 16:12 | over 2 years |
| 6.24.0 | Apache-2.0 | 4 | 2021-07-20 - 17:32 | almost 3 years |
| 6.23.0 | UNKNOWN | 4 | 2021-06-24 - 16:16 | almost 3 years |
| 6.22.1 | UNKNOWN | 4 | 2021-04-26 - 17:41 | about 3 years |
| 6.21.1 | UNKNOWN | 4 | 2021-02-16 - 17:53 | about 3 years |
| 6.21.0 | UNKNOWN | 4 | 2021-02-09 - 17:21 | about 3 years |
| 6.20.0 | UNKNOWN | 4 | 2021-01-20 - 17:14 | over 3 years |
| 6.19.1 | UNKNOWN | 4 | 2020-10-22 - 16:47 | over 3 years |
| 6.19.0 | UNKNOWN | 4 | 2020-10-20 - 17:21 | over 3 years |
| 6.18.0 | UNKNOWN | 4 | 2020-08-25 - 16:12 | over 3 years |
| 6.17.0 | UNKNOWN | 4 | 2020-07-14 - 16:11 | almost 4 years |
| 6.16.0 | UNKNOWN | 4 | 2020-06-03 - 16:14 | almost 4 years |
| 6.15.0 | UNKNOWN | 4 | 2020-04-30 - 16:16 | about 4 years |
| 6.14.0 | UNKNOWN | 4 | 2020-03-10 - 19:45 | about 4 years |
| 6.13.0 | UNKNOWN | 4 | 2020-02-18 - 17:01 | about 4 years |
| 6.12.0 | UNKNOWN | 6 | 2020-01-14 - 19:02 | over 4 years |
| 6.11.1 | UNKNOWN | 6 | 2019-11-20 - 21:19 | over 4 years |
| 6.11.0 | UNKNOWN | 6 | 2019-11-19 - 17:46 | over 4 years |
| 6.10.1 | UNKNOWN | 6 | 2019-10-15 - 16:14 | over 4 years |
| 6.10.0 | UNKNOWN | 6 | 2019-10-01 - 16:03 | over 4 years |
| 6.9.0 | UNKNOWN | 6 | 2019-09-17 - 16:57 | over 4 years |
| 6.8.1 | UNKNOWN | 6 | 2019-08-28 - 15:31 | over 4 years |
| 6.8.0 | UNKNOWN | 6 | 2019-08-21 - 16:01 | over 4 years |
| 6.7.2 | UNKNOWN | 6 | 2019-07-26 - 16:49 | almost 5 years |
| 6.7.0 | UNKNOWN | 6 | 2019-07-23 - 16:23 | almost 5 years |
| 6.6.0 | UNKNOWN | 6 | 2019-07-01 - 16:37 | almost 5 years |
| 6.5.0 | UNKNOWN | 6 | 2019-06-19 - 16:09 | almost 5 years |
| 6.4.5 | UNKNOWN | 6 | 2020-01-14 - 17:39 | over 4 years |
| 6.4.4 | UNKNOWN | 6 | 2019-10-15 - 16:13 | over 4 years |
| 6.4.3 | UNKNOWN | 6 | 2019-07-16 - 17:04 | almost 5 years |
| 6.4.2 | UNKNOWN | 6 | 2019-04-30 - 15:44 | about 5 years |
| 6.4.1 | UNKNOWN | 6 | 2019-04-16 - 15:29 | about 5 years |
| 6.4.0 | UNKNOWN | 6 | 2019-03-26 - 16:13 | about 5 years |
| 6.3.0 | UNKNOWN | 6 | 2019-02-20 - 17:32 | about 5 years |
| 6.2.0 | UNKNOWN | 6 | 2019-01-24 - 20:45 | over 5 years |
| 6.1.0 | UNKNOWN | 6 | 2018-12-18 - 17:31 | over 5 years |
| 6.0.10 | UNKNOWN | 6 | 2019-07-16 - 16:46 | almost 5 years |
| 6.0.9 | UNKNOWN | 6 | 2019-04-30 - 15:28 | about 5 years |
| 6.0.8 | UNKNOWN | 6 | 2019-04-16 - 13:56 | about 5 years |
| 6.0.7 | UNKNOWN | 6 | 2019-03-26 - 14:13 | about 5 years |
| 6.0.5 | UNKNOWN | 6 | 2019-01-15 - 15:25 | over 5 years |
| 6.0.4 | UNKNOWN | 6 | 2018-11-01 - 17:07 | over 5 years |
| 6.0.3 | UNKNOWN | 6 | 2018-10-25 - 16:11 | over 5 years |
| 6.0.2 | UNKNOWN | 6 | 2018-10-04 - 17:09 | over 5 years |
| 6.0.1 | UNKNOWN | 6 | 2018-10-02 - 16:29 | over 5 years |
| 6.0.0 | UNKNOWN | 6 | 2018-09-18 - 18:27 | over 5 years |
| 5.5.22 | UNKNOWN | 4 | 2020-10-20 - 17:22 | over 3 years |
| 5.5.21 | UNKNOWN | 4 | 2020-07-14 - 16:11 | almost 4 years |
| 5.5.20 | UNKNOWN | 4 | 2020-04-30 - 16:14 | about 4 years |
| 5.5.19 | UNKNOWN | 4 | 2020-03-10 - 19:46 | about 4 years |
| 5.5.18 | UNKNOWN | 5 | 2020-01-14 - 17:39 | over 4 years |
| 5.5.17 | UNKNOWN | 5 | 2019-10-15 - 17:17 | over 4 years |
| 5.5.16 | UNKNOWN | 5 | 2019-07-16 - 16:25 | almost 5 years |