Lucene search

[email protected]CVE-2021-27025

HistoryNov 18, 2021 - 3:15 p.m.

CVE-2021-27025

2021-11-1815:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

110

cve-2021-27025

puppet agent

flaw

dos

denial of service

augeas

settings

pluginsync

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

34.4%

JSON

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first ‘pluginsync’.

CPENameOperatorVersion
puppet:puppet_agentpuppet puppet agentlt7.12.1
puppet:puppet_agentpuppet puppet agentlt6.25.1
puppet:puppetpuppetlt2021.4.0
puppet:puppet_agentpuppet puppet agentle5.5.22
puppet:puppet_enterprisepuppet puppet enterpriselt2019.8.9
fedoraproject:fedorafedoraproject fedoraeq35

CPE	Name	Operator	Version
puppet:puppet_agent	puppet puppet agent	lt	7.12.1
puppet:puppet_agent	puppet puppet agent	lt	6.25.1
puppet:puppet	puppet	lt	2021.4.0
puppet:puppet_agent	puppet puppet agent	le	5.5.22
puppet:puppet_enterprise	puppet puppet enterprise	lt	2019.8.9
fedoraproject:fedora	fedoraproject fedora	eq	35