CVE-2021-27018
First published: Mon Aug 30 2021(Updated: )
The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source.
Credit: security@puppet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Puppet Remediate | <2.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-27018?
CVE-2021-27018 is a vulnerability in the mechanism that performs certificate validation, allowing certificates signed by an internal certificate authority to not be properly validated.
What is the severity of CVE-2021-27018?
CVE-2021-27018 has a severity rating of 7.5 (high).
Which software is affected by CVE-2021-27018?
The Puppet Remediate software version up to and excluding 2.0.1 is affected by CVE-2021-27018.
How does CVE-2021-27018 impact clients configured to utilize Tenable.sc?
CVE-2021-27018 affects clients that are configured to utilize Tenable.sc as the vulnerability data source.
Where can I find more information about CVE-2021-27018?
You can find more information about CVE-2021-27018 at the following reference link: [link](https://puppet.com/security/cve/CVE-2021-27018).
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/softwarecombine
- agent/event
- agent/first-publish-date
- agent/tags
- agent/description
- vendor/puppet
- canonical/puppet remediate