Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.PUPPET_ENTERPRISE_CVE-2021-27026.NASLHistoryNov 01, 2023 - 12:00 a.m.
Puppet Enterprise < 2019.8.9 / 2021.x < 2021.4.0 Information Disclosure
2023-11-0100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
puppet enterprise
information disclosure
vulnerability
2019.8.9
2021.4.0
sensitive data
4.8 Medium
AI Score
Confidence
High
A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text in this plugin were
# extracted from the PuppetLabs Security Advisory page. The text
# itself is copyright (C) Perforce Software, Inc.
##
include('compat.inc');
if (description)
{
script_id(184152);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/02");
script_cve_id("CVE-2021-27026");
script_name(english:"Puppet Enterprise < 2019.8.9 / 2021.x < 2021.4.0 Information Disclosure");
script_set_attribute(attribute:"synopsis", value:
"An instance of Puppet Enterprise installed on the remote system is affected by an information disclosure vulnerability.");
script_set_attribute(attribute:"description", value:
"A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be
logged.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
# https://www.puppet.com/security/cve/cve-2021-27026-sensitive-information-may-be-logged
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ff105623");
script_set_attribute(attribute:"solution", value:
"Upgrade to Puppet Enterprise version 2019.8.9, 2021.4.0, or later.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-27026");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/09");
script_set_attribute(attribute:"patch_publication_date", value:"2021/11/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:puppetlabs:puppet_enterprise");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("puppet_enterprise_nix_installed.nbin");
script_require_keys("installed_sw/puppet_enterprise_console");
exit(0);
}
include('vcf.inc');
var app_info = vcf::get_app_info(app:'puppet_enterprise_console');
var constraints = [
{ 'fixed_version':'2019.8.9' },
{ 'min_version':'2021.0', 'fixed_version':'2021.4.0' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| puppetlabs | puppet_enterprise | cpe:/a:puppetlabs:puppet_enterprise |
