Ruby/puppet/6.25.0
Puppet, an automated configuration management tool
https://rubygems.org/gems/puppet
Apache-2.0
2 Security Vulnerabilities
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
Published date: 2021-12-02T17:52:45Z
CVE: CVE-2021-27023
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-27023
- https://puppet.com/security/cve/CVE-2021-27023
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
- https://github.com/advisories/GHSA-93j5-g845-9wqp
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.
Affected versions:
["6.19.1", "6.19.0", "6.18.0", "6.17.0", "6.16.0", "6.15.0", "6.14.0", "6.13.0", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.5.22", "5.5.21", "5.5.20", "5.5.19", "5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", 
"2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "6.20.0", "6.21.0", "6.21.1", "6.22.1", "6.23.0", "6.24.0", "6.25.0", "7.0.0", "7.1.0", "7.3.0", "7.4.0", "7.4.1", "7.5.0", "7.6.1", "7.7.0", "7.8.0", "7.9.0", "7.10.0", "7.11.0", "7.12.0"]
Secure versions:
[7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0]
Recommendation:
Update to version 8.6.0.
Silent Configuration Failure in Puppet Agent
Published date: 2021-12-02T17:54:25Z
CVE: CVE-2021-27025
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-27025
- https://puppet.com/security/cve/cve-2021-27025
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
- https://github.com/advisories/GHSA-q4g7-jrxv-67r9
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27025.yml
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
Affected versions:
["6.19.1", "6.19.0", "6.18.0", "6.17.0", "6.16.0", "6.15.0", "6.14.0", "6.13.0", "6.12.0", "6.11.1", "6.11.0", "6.10.1", "6.10.0", "6.9.0", "6.8.1", "6.8.0", "6.7.2", "6.7.0", "6.6.0", "6.5.0", "6.4.5", "6.4.4", "6.4.3", "6.4.2", "6.4.1", "6.4.0", "6.3.0", "6.2.0", "6.1.0", "6.0.10", "6.0.9", "6.0.8", "6.0.7", "6.0.5", "6.0.4", "6.0.3", "6.0.2", "6.0.1", "6.0.0", "5.5.22", "5.5.21", "5.5.20", "5.5.19", "5.5.18", "5.5.17", "5.5.16", "5.5.14", "5.5.13", "5.5.12", "5.5.10", "5.5.8", "5.5.7", "5.5.6", "5.5.3", "5.5.2", "5.5.1", "5.5.0", "5.4.0", "5.3.7", "5.3.6", "5.3.5", "5.3.4", "5.3.3", "5.3.2", "5.3.1", "5.2.0", "5.1.0", "5.0.1", "5.0.0", "4.10.12", "4.10.11", "4.10.10", "4.10.9", "4.10.8", "4.10.7", "4.10.6", "4.10.5", "4.10.4", "4.10.1", "4.10.0", "4.9.4", "4.9.3", "4.9.2", "4.9.1", "4.9.0", "4.8.2", "4.8.1", "4.8.0", "4.7.1", "4.7.0", "4.6.2", "4.6.1", "4.5.3", "4.5.2", "4.5.1", "4.5.0", "4.4.2", "4.4.1", "4.4.0", "4.3.2", "4.3.1", "4.3.0", "4.2.3", "4.2.2", "4.2.1", "4.2.0", "4.1.0", "4.0.0", "4.0.0.rc1", "3.8.7", "3.8.6", "3.8.5", "3.8.4", "3.8.3", "3.8.2", "3.8.1", "3.7.5", "3.7.4", "3.7.3", "3.7.2", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.6.0.rc1", "3.5.1", "3.5.1.rc1", "3.5.0.rc3", "3.5.0.rc2", "3.5.0.rc1", "3.4.3", "3.4.2", "3.4.1", "3.4.0", "3.4.0.rc2", "3.4.0.rc1", "3.3.2", "3.3.1", "3.3.1.rc3", "3.3.1.rc2", "3.3.1.rc1", "3.3.0", "3.3.0.rc3", "3.3.0.rc2", "3.2.4", "3.2.3", "3.2.3.rc1", "3.2.2", "3.2.1", "3.2.1.rc1", "3.2.0.rc2", "3.2.0.rc1", "3.1.1", "3.1.0", "3.1.0.rc2", "3.1.0.rc1", "3.0.2", "3.0.2.rc3", "3.0.2.rc2", "3.0.2.rc1", "3.0.1", "3.0.1.rc1", "3.0.0", "3.0.0.rc8", "3.0.0.rc7", "3.0.0.rc5", "3.0.0.rc4", "2.7.26", "2.7.25", "2.7.24", "2.7.23", "2.7.22", "2.7.21", "2.7.20", "2.7.20.rc1", "2.7.19", "2.7.18", "2.7.17", "2.7.16", "2.7.14", "2.7.13", "2.7.12", "2.7.11", "2.7.9", "2.7.8", "2.7.6", "2.7.5", "2.7.4", "2.7.3", "2.7.1", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", 
"2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "0.25.5", "0.25.4", "0.25.3", "0.25.2", "0.25.1", "0.25.0", "0.24.9", "0.24.8", "0.24.7", "0.24.6", "0.24.5", "0.24.4", "0.24.3", "0.24.2", "0.24.1", "0.24.0", "0.23.2", "0.23.1", "0.23.0", "0.22.4", "0.18.4", "0.16.0", "0.13.6", "0.13.2", "0.13.1", "0.13.0", "0.9.2", "6.20.0", "6.21.0", "6.21.1", "6.22.1", "6.23.0", "6.24.0", "6.25.0", "7.0.0", "7.1.0", "7.3.0", "7.4.0", "7.4.1", "7.5.0", "7.6.1", "7.7.0", "7.8.0", "7.9.0", "7.10.0", "7.11.0", "7.12.0"]
Secure versions:
[7.12.1, 6.25.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 8.0.0, 8.0.1, 8.1.0, 7.25.0, 8.2.0, 7.26.0, 8.3.1, 7.27.0, 8.4.0, 7.28.0, 8.5.0, 7.29.0, 8.5.1, 7.29.1, 8.6.0, 7.30.0]
Recommendation:
Update to version 8.6.0.
291 Other Versions
Version | License | Security | Released | Age |
---|---|---|---|---|
6.28.0 | Apache-2.0 | 2 | 2022-08-02 - 16:46 | almost 2 years |
6.29.0 | Apache-2.0 | 2 | 2023-01-25 - 00:38 | over 1 year |
6.27.0 | Apache-2.0 | 2 | 2022-04-19 - 16:04 | about 2 years |
6.26.0 | Apache-2.0 | 2 | 2022-01-20 - 17:19 | over 2 years |
4.2.3 | UNKNOWN | 10 | 2015-10-29 - 23:24 | over 8 years |
4.3.1 | UNKNOWN | 10 | 2015-11-30 - 18:51 | over 8 years |
4.1.0 | UNKNOWN | 10 | 2015-05-20 - 22:07 | about 9 years |
4.4.0 | UNKNOWN | 10 | 2016-03-16 - 20:53 | about 8 years |
4.4.1 | UNKNOWN | 10 | 2016-03-23 - 20:14 | about 8 years |
4.2.2 | UNKNOWN | 10 | 2015-09-14 - 19:11 | over 8 years |
4.2.0 | UNKNOWN | 10 | 2015-06-24 - 22:51 | almost 9 years |
4.3.0 | UNKNOWN | 10 | 2015-11-17 - 18:35 | over 8 years |
4.2.1 | UNKNOWN | 10 | 2015-07-22 - 20:52 | almost 9 years |
4.0.0 | UNKNOWN | 10 | 2015-04-15 - 17:14 | about 9 years |
4.3.2 | UNKNOWN | 10 | 2016-01-25 - 19:57 | over 8 years |
3.8.6 | UNKNOWN | 9 | 2016-03-11 - 17:38 | about 8 years |
3.7.5 | UNKNOWN | 9 | 2015-03-26 - 16:24 | about 9 years |
4.0.0.rc1 | UNKNOWN | 9 | 2015-03-19 - 17:57 | about 9 years |
3.7.4 | UNKNOWN | 9 | 2015-01-27 - 23:49 | over 9 years |
3.7.1 | UNKNOWN | 9 | 2014-09-15 - 22:20 | over 9 years |
3.8.4 | UNKNOWN | 9 | 2015-11-04 - 00:39 | over 8 years |
3.8.5 | UNKNOWN | 9 | 2016-01-21 - 22:14 | over 8 years |
3.8.1 | UNKNOWN | 9 | 2015-05-26 - 18:01 | almost 9 years |
3.7.0 | UNKNOWN | 9 | 2014-09-04 - 18:03 | over 9 years |
3.6.2 | UNKNOWN | 9 | 2014-06-10 - 17:25 | almost 10 years |
2.7.26 | UNKNOWN | 9 | 2014-06-10 - 18:15 | almost 10 years |
3.8.2 | UNKNOWN | 9 | 2015-08-06 - 22:04 | almost 9 years |
3.8.7 | UNKNOWN | 9 | 2016-04-26 - 16:58 | about 8 years |
3.7.2 | UNKNOWN | 9 | 2014-10-22 - 18:41 | over 9 years |
3.7.3 | UNKNOWN | 9 | 2014-11-04 - 17:42 | over 9 years |
3.8.3 | UNKNOWN | 9 | 2015-09-21 - 23:28 | over 8 years |
3.0.0.rc4 | UNKNOWN | 13 | 2012-08-25 - 00:23 | over 11 years |
3.0.0.rc5 | UNKNOWN | 13 | 2012-08-29 - 23:49 | over 11 years |
3.0.0.rc8 | UNKNOWN | 13 | 2012-09-25 - 21:32 | over 11 years |
3.0.0.rc7 | UNKNOWN | 13 | 2012-09-21 - 22:50 | over 11 years |
5.0.0 | UNKNOWN | 8 | 2017-06-27 - 22:29 | almost 7 years |
4.9.4 | UNKNOWN | 8 | 2017-03-09 - 22:01 | about 7 years |
4.9.3 | UNKNOWN | 8 | 2017-02-27 - 17:50 | about 7 years |
5.2.0 | UNKNOWN | 8 | 2017-09-13 - 19:00 | over 6 years |
5.0.1 | UNKNOWN | 8 | 2017-07-19 - 20:31 | almost 7 years |
4.8.2 | UNKNOWN | 8 | 2017-01-19 - 22:09 | over 7 years |
4.9.0 | UNKNOWN | 8 | 2017-01-31 - 22:29 | over 7 years |
4.9.2 | UNKNOWN | 8 | 2017-02-10 - 17:51 | over 7 years |
4.8.0 | UNKNOWN | 8 | 2016-11-02 - 04:15 | over 7 years |
4.8.1 | UNKNOWN | 8 | 2016-11-22 - 21:31 | over 7 years |
4.7.0 | UNKNOWN | 8 | 2016-09-22 - 21:04 | over 7 years |
4.7.1 | UNKNOWN | 8 | 2017-01-17 - 23:41 | over 7 years |
4.9.1 | UNKNOWN | 8 | 2017-02-03 - 16:42 | over 7 years |
5.3.2 | UNKNOWN | 8 | 2017-10-05 - 17:09 | over 6 years |
4.5.0 | UNKNOWN | 8 | 2016-05-20 - 17:10 | about 8 years |
4.5.3 | UNKNOWN | 8 | 2016-07-20 - 18:45 | almost 8 years |
4.5.2 | UNKNOWN | 8 | 2016-06-14 - 19:59 | almost 8 years |
4.6.2 | UNKNOWN | 8 | 2016-09-02 - 00:51 | over 7 years |
4.5.1 | UNKNOWN | 8 | 2016-06-01 - 18:18 | almost 8 years |
5.1.0 | UNKNOWN | 8 | 2017-08-17 - 21:48 | almost 7 years |
4.6.1 | UNKNOWN | 8 | 2016-08-23 - 17:49 | over 7 years |
5.3.3 | UNKNOWN | 8 | 2017-11-06 - 17:44 | over 6 years |
5.3.1 | UNKNOWN | 8 | 2017-10-02 - 20:50 | over 6 years |
4.4.2 | UNKNOWN | 8 | 2016-04-26 - 21:17 | about 8 years |
4.10.0 | UNKNOWN | 7 | 2017-04-05 - 20:44 | about 7 years |
4.10.1 | UNKNOWN | 7 | 2017-05-11 - 13:04 | about 7 years |
4.10.7 | UNKNOWN | 7 | 2017-09-06 - 18:54 | over 6 years |
4.10.5 | UNKNOWN | 7 | 2017-07-26 - 20:23 | almost 7 years |
4.10.4 | UNKNOWN | 7 | 2017-06-19 - 16:39 | almost 7 years |
4.10.9 | UNKNOWN | 7 | 2017-11-14 - 18:14 | over 6 years |
4.10.8 | UNKNOWN | 7 | 2017-09-14 - 20:04 | over 6 years |
4.10.6 | UNKNOWN | 7 | 2017-08-09 - 17:10 | almost 7 years |
5.3.4 | UNKNOWN | 6 | 2018-02-05 - 18:13 | over 6 years |
5.3.6 | UNKNOWN | 6 | 2018-04-18 - 15:38 | about 6 years |
5.4.0 | UNKNOWN | 6 | 2018-02-14 - 18:40 | over 6 years |
5.3.7 | UNKNOWN | 6 | 2018-06-20 - 17:05 | almost 6 years |
5.3.5 | UNKNOWN | 6 | 2018-02-13 - 21:04 | over 6 years |
4.10.10 | UNKNOWN | 6 | 2018-02-05 - 18:02 | over 6 years |
6.0.1 | UNKNOWN | 6 | 2018-10-02 - 16:29 | over 5 years |
6.0.3 | UNKNOWN | 6 | 2018-10-25 - 16:11 | over 5 years |
6.0.4 | UNKNOWN | 6 | 2018-11-01 - 17:07 | over 5 years |
6.0.2 | UNKNOWN | 6 | 2018-10-04 - 17:09 | over 5 years |
6.0.0 | UNKNOWN | 6 | 2018-09-18 - 18:27 | over 5 years |
6.0.8 | UNKNOWN | 6 | 2019-04-16 - 13:56 | about 5 years |
6.0.9 | UNKNOWN | 6 | 2019-04-30 - 15:28 | about 5 years |
6.0.7 | UNKNOWN | 6 | 2019-03-26 - 14:13 | about 5 years |
6.1.0 | UNKNOWN | 6 | 2018-12-18 - 17:31 | over 5 years |
6.3.0 | UNKNOWN | 6 | 2019-02-20 - 17:32 | about 5 years |
6.4.0 | UNKNOWN | 6 | 2019-03-26 - 16:13 | about 5 years |
6.2.0 | UNKNOWN | 6 | 2019-01-24 - 20:45 | over 5 years |
6.0.10 | UNKNOWN | 6 | 2019-07-16 - 16:46 | almost 5 years |
6.0.5 | UNKNOWN | 6 | 2019-01-15 - 15:25 | over 5 years |
6.4.4 | UNKNOWN | 6 | 2019-10-15 - 16:13 | over 4 years |
6.4.5 | UNKNOWN | 6 | 2020-01-14 - 17:39 | over 4 years |
6.4.3 | UNKNOWN | 6 | 2019-07-16 - 17:04 | almost 5 years |
6.6.0 | UNKNOWN | 6 | 2019-07-01 - 16:37 | almost 5 years |
6.7.2 | UNKNOWN | 6 | 2019-07-26 - 16:49 | almost 5 years |
6.8.0 | UNKNOWN | 6 | 2019-08-21 - 16:01 | over 4 years |
6.7.0 | UNKNOWN | 6 | 2019-07-23 - 16:23 | almost 5 years |
6.5.0 | UNKNOWN | 6 | 2019-06-19 - 16:09 | almost 5 years |
6.4.2 | UNKNOWN | 6 | 2019-04-30 - 15:44 | about 5 years |
6.10.0 | UNKNOWN | 6 | 2019-10-01 - 16:03 | over 4 years |
6.11.0 | UNKNOWN | 6 | 2019-11-19 - 17:46 | over 4 years |
6.11.1 | UNKNOWN | 6 | 2019-11-20 - 21:19 | over 4 years |
6.10.1 | UNKNOWN | 6 | 2019-10-15 - 16:14 | over 4 years |