nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.PUPPET_ENTERPRISE_CVE-2021-22897.NASL
HistoryNov 01, 2023 - 12:00 a.m.

Puppet Enterprise < 2019.8.7 / 2021.x < 2021.2 Curl Vulnerabilities

2023-11-01 00:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
puppet enterprise
curl vulnerabilities
security advisory
cve-2021-22897
cve-2021-22898
cve-2021-22901
nessus
unix
exploits

6.4 Medium

AI Score

Confidence

Low

For more information about this vulnerability, refer to the security announcements.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text in this plugin was
# extracted from the PuppetLabs Security Advisory page. The text
# itself is copyright (C)  Perforce Software, Inc.
##

include('compat.inc');

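# Metadata pass. When the scanner loads the plugin with `description` set, this
# block registers the plugin's identity, references, scoring and prerequisites,
# then exits before any detection logic runs.
#
# The product under test is Puppet Enterprise (see script_name, the CPE and the
# required KB key below), and 2019.8.7 / 2021.2 are the fixed versions in the
# title, so the synopsis and solution name Puppet Enterprise.
if (description)
{
  script_id(184149);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/02");

  # curl advisories covered by this plugin (details at the curl.se links below):
  #   CVE-2021-22897 - cipher selection applied to the wrong connection in the
  #                    Schannel TLS backend
  #   CVE-2021-22898 - TELNET option parsing discloses uninitialised stack data
  #   CVE-2021-22901 - use-after-free in TLS session caching (OpenSSL backend)
  # NOTE(review): Schannel is the Windows TLS backend while this plugin targets
  # unix hosts; CVE-2021-22897 is presumably listed for advisory completeness.
  # Confirm against the vendor advisory.
  script_cve_id("CVE-2021-22897", "CVE-2021-22898", "CVE-2021-22901");

  script_name(english:"Puppet Enterprise < 2019.8.7 / 2021.x < 2021.2 Curl Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"An instance of Puppet Enterprise installed on the remote system is affected by a curl vulnerability.");
  # The description points the reader to the advisories rather than summarising
  # them, and states that the finding rests on the reported version alone.
  script_set_attribute(attribute:"description", value:
"For more information about this vulnerability, refer to the security announcements.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.puppet.com/security/cve/curl-june-2021-security-fixes");
  script_set_attribute(attribute:"see_also", value:"https://curl.se/docs/CVE-2021-22897.html");
  script_set_attribute(attribute:"see_also", value:"https://curl.se/docs/CVE-2021-22898.html");
  script_set_attribute(attribute:"see_also", value:"https://curl.se/docs/CVE-2021-22901.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Puppet Enterprise version 2019.8.7, 2021.2 or later.");
  script_set_attribute(attribute:"agent", value:"unix");

  # All four CVSS vectors are attributed to CVE-2021-22901 via cvss_score_source.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-22901");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/06/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/01");

  # "local" plugin type: the result comes from data collected on the host, not
  # from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:puppetlabs:puppet_enterprise");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Prerequisites: the Puppet Enterprise detection plugin is declared as a
  # dependency, and its KB key is required. Without that key the scanner has
  # no install to evaluate.
  script_dependencies("puppet_enterprise_nix_installed.nbin");
  script_require_keys("installed_sw/puppet_enterprise_console");

  exit(0);
}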

include('vcf.inc');

# Detection is a pure version comparison. The Puppet Enterprise install recorded
# by the detection plugin is looked up and its reported version is matched
# against the affected ranges. The bundled curl itself is never inspected, so a
# host whose reported version does not reflect an applied fix can be misreported.
var pe_install = vcf::get_app_info(app:'puppet_enterprise_console');

# One entry per affected release line. By vcf convention min_version is the
# inclusive lower bound and fixed_version is the first unaffected release.
# NOTE(review): the plugin title reads "< 2019.8.7", but releases older than
# 2019.0 fall outside both ranges and are not reported. Confirm that this
# matches the vendor advisory.
var affected_ranges = [
    { 'min_version':'2021.0', 'fixed_version':'2021.2' },
    { 'min_version':'2019.0', 'fixed_version':'2019.8.7' }
];

# A match is reported at SECURITY_WARNING severity.
vcf::check_version_and_report(
  app_info:pe_install,
  constraints:affected_ranges,
  severity:SECURITY_WARNING
);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| puppetlabs | puppet_enterprise | | cpe:/a:puppetlabs:puppet_enterprise |