CVE-2021-27022

MEDIUM

Puppet < 2021.3.0 - Log Information Exposure

Title source: rule
STIX 2.1

Description

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).

References (2)

Core 2
Core References
Various Sources x_refsource_misc
https://puppet.com/security/cve/cve-2021-27022/%5D
Vendor Advisory x_refsource_misc
https://puppet.com/security/cve/cve-2021-27022/

Scores

CVSS v3 4.9
EPSS 0.0034
EPSS Percentile 56.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-532
Status published
Products (2)
puppet/puppet 2021.0.0 - 2021.3.0
puppet/puppet_enterprise < 2019.8.8
Published Sep 07, 2021
Tracked Since Feb 18, 2026