Lucene search
ROSA LABROSA-SA-2024-2329HistoryJan 23, 2024 - 12:29 p.m.
Advisory ROSA-SA-2024-2329
2024-01-2312:29:58
ROSA LAB
abf.rosalinux.ru
2
puppet
rosa-chrome
vulnerability
puppetdb
sql
exploitation
sensitive data
integrity
denial-of-service
dnf update puppet
unix
software: puppet 7.25.0
OS: ROSA-CHROME
package_evr_string: puppet-7.25.0-1.src.rpm
CVE-ID: CVE-2021-27021
BDU-ID: 2022-01884
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the PuppetDB database management system is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data, compromise its integrity, and cause a denial-of-service condition
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update puppet
Related
ubuntucve
ubuntucve
CVE-2021-27021
2021-07-20 00:00:00
nessus
nessus
FreeBSD : PuppetDB -- SQL Injection (41bc849f-d5ef-11eb-ae37-589cfc007716)
2021-06-29 00:00:00
Puppet Enterprise < 2019.8.7 / 2021.x < 2021.2 SQLi
2023-11-01 00:00:00
cve
cve
CVE-2021-27021
2021-07-20 11:15:00
veracode
veracode
Privilege Escalation
2022-12-10 04:35:45
rosalinux
rosalinux
Advisory ROSA-SA-2023-2297
2023-11-21 12:46:58
cvelist
cvelist
CVE-2021-27021
2021-07-20 10:44:49
redhatcve
redhatcve
CVE-2021-27021
2021-06-25 18:33:13
prion
prion
Design/Logic Flaw
2021-07-20 11:15:00
osv
osv
CVE-2021-27021
2021-07-20 11:15:00
debiancve
debiancve
CVE-2021-27021
2021-07-20 11:15:00
freebsd
freebsd
PuppetDB -- SQL Injection
2021-06-24 00:00:00
archlinux
archlinux
[ASA-202107-8] puppet: privilege escalation
2021-07-01 00:00:00