CVE-2021-27022
First published: Tue Sep 07 2021(Updated: )
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).
Credit: security@puppet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Puppet | >=2021.0.0<2021.3.0 | |
| Puppet Enterprise | <2019.8.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this flaw?
The vulnerability ID for this flaw is CVE-2021-27022.
What software is affected by this vulnerability?
The affected software includes Puppet Puppet versions between 2021.0.0 and 2021.3.0, as well as Puppet Puppet Enterprise versions up to 2019.8.8.
What is the severity rating of CVE-2021-27022?
CVE-2021-27022 has a severity rating of 4.9, which is considered medium.
What is the description of this vulnerability?
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).
How can I find more information about CVE-2021-27022?
You can find more information about CVE-2021-27022 on the Puppet Security website at https://puppet.com/security/cve/cve-2021-27022/.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/puppet
- canonical/puppet
- version/puppet/2021.0.0
- canonical/puppet enterprise