CVE-2021-27025
First published: Thu Nov 18 2021(Updated: )
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
Credit: security@puppet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Puppet Puppet | >=2021.0.0<2021.4.0 | |
| Puppet Puppet Agent | <6.25.1 | |
| Puppet Puppet Agent | >=5.5.0<=5.5.22 | |
| Puppet Puppet Agent | >=7.0.0<7.12.1 | |
| Puppet Puppet Enterprise | <2019.8.9 | |
| Fedoraproject Fedora | =35 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-27025?
CVE-2021-27025 is a vulnerability found in Puppet Agent that may silently ignore Augeas settings or be vulnerable to a Denial of Service condition.
How does CVE-2021-27025 affect Puppet Agent?
CVE-2021-27025 affects Puppet Agent by potentially causing it to ignore Augeas settings or be vulnerable to a Denial of Service condition.
Which versions of Puppet Agent are affected by CVE-2021-27025?
Puppet Agent versions up to and including 6.25.1, 5.5.0 to 5.5.22, and 7.0.0 to 7.12.1 are affected by CVE-2021-27025.
How severe is CVE-2021-27025?
CVE-2021-27025 has a severity score of 6.5 out of 10.
How can I fix CVE-2021-27025?
To fix CVE-2021-27025, it is recommended to update Puppet Agent to a version that is not affected by the vulnerability.
- collector/nvd-index
- vendor/puppet
- product/puppet
- canonical/puppet puppet
- product/puppet agent
- canonical/puppet puppet agent
- product/puppet enterprise
- canonical/puppet puppet enterprise
- vendor/fedoraproject
- product/fedora
- canonical/fedoraproject fedora