{"id":"CVE-2021-27023","details":"A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007","aliases":["GHSA-93j5-g845-9wqp"],"modified":"2026-04-10T04:31:25.364833Z","published":"2021-11-18T15:15:09.273Z","related":["SUSE-SU-2022:3355-1","SUSE-SU-2022:3794-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/"},{"type":"ADVISORY","url":"https://puppet.com/security/cve/CVE-2021-27023"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/puppetlabs/puppet-agent","events":[{"introduced":"0"},{"fixed":"57c0cc7c4389cb2a0adfbc7809e7386fefc925fd"},{"introduced":"ca1209d2558e5fe7832a61238b2d5c013c3ff12e"},{"fixed":"bbd92f8c98fab55e5d01184f275e8e7a69a5e09a"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.25.1"},{"introduced":"7.0.0"},{"fixed":"7.12.1"}]}},{"type":"GIT","repo":"https://github.com/puppetlabs/puppetserver","events":[{"introduced":"0"},{"fixed":"d22218d25c4dbedeb102a463f74abf567963b8ba"},{"introduced":"c9ca5e73077a596d2f7cedb8060cb304e96095ea"},{"fixed":"ff0fe3812c4e8f44918cbef1d025a2080e1fa1b0"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.17.1"},{"introduced":"7.0.0"},{"fixed":"7.4.2"}]}}],"versions":["0.1.3","0.2.0","0.2.1","0.2.2","0.2.3","0.2.4","0.3.0","0.3.1","0.3.2","1.2.7","1.3.0","1.3.1","1.3.2","2.0.0-rc3","4.99.0","5.1.0","5.99.0","5.99.1","5.99.2","6.10.0","6.11.0","6.11.1","6.12.0","6.12.1","6.12.2","6.13.0","6.14.0","6.14.1","6.15.0","6.15.1","6.15.2","6.15.3","6.16.0","6.16.1","6.17.0","6.2.0","6.2.1","6.3.0","6.4.0","6.5.0","6.7.0","6.7.1","6.7.2","6.8.0","6.9.0","6.9.2","7.0.2","7.0.3","7.1.0","7.1.1","7.1.2","7.12.0","7.2.0","7.2.1","7.3.0","7.4.0","7.4.1","jvm-puppet-0.1.2","jvm-puppet-0.1.3","jvm-puppet-0.1.4","jvm-puppet-0.1.5","jvm-puppet-0.1.6","puppet-server-0.1.10","puppet-server-0.1.11","puppet-server-0.1.12","puppet-server-0.1.13","puppet-server-0.1.14","puppet-server-0.1.15","puppet-server-0.1.16","puppet-server-0.1.7","puppet-server-0.1.8","puppet-server-0.1.9","puppet-server-0.2.0","puppet-server-0.2.2","puppet-server-0.4.0","puppet-server-2.1.0","puppet-server-2.1.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2019.8.9"}]},{"events":[{"introduced":"2021.0.0"},{"fixed":"2021.4"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27023.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}