7 matches found
CVE-2021-27017
Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release...
CVE-2021-27017
Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release...
CVE-2021-27017 Deserialization of untrusted data
Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release...
CVE-2021-27017
CVE-2021-27017 describes a deserialization vulnerability in Puppet Agent prior to 7.4.0 caused by using a module that accepts untrusted user data. The CVSS-based impact indicates high confidentiality, integrity, and availability with network access, high attack complexity, and high privileges req...
CVE-2021-27017 Deserialization of untrusted data
Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release...
CVE-2021-27017
Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release...
Puppet Agent 7.x < 7.4.0 Deserialization
The version of Puppet Agent installed on the remote Windows host is 7.x prior to 7.4.0. It is, therefore, affected by an deserialization vulnerability. An authenticated, remote attacker can exploit this to execute arbitrary code on the target host. Note that Nessus has not tested for this issue b...