A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).
References
Link | Resource |
---|---|
https://puppet.com/security/cve/cve-2021-27022/ | Vendor Advisory |
https://puppet.com/security/cve/cve-2021-27022/%5D |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:31
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
24 Jan 2022, 16:45
Type | Values Removed | Values Added |
---|---|---|
First Time |
Puppet puppet Enterprise
|
|
CPE | cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:* |
16 Dec 2021, 20:34
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://puppet.com/security/cve/cve-2021-27022/ - Vendor Advisory |
21 Sep 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
14 Sep 2021, 15:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:puppet:puppet:*:*:*:*:enterprise:*:*:* | |
CWE | CWE-532 | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 4.9 |
References |
|
07 Sep 2021, 15:07
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-09-07 14:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-27022
Mitre link : CVE-2021-27022
CVE.ORG link : CVE-2021-27022
JSON object : View
Products Affected
puppet
- puppet_enterprise
- puppet
CWE
CWE-532
Insertion of Sensitive Information into Log File