A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007. Reference: https://puppet.com/security/cve/cve-2021-27023
Created puppet tracking bugs for this issue: Affects: epel-all [bug 2023861] Affects: fedora-all [bug 2023860] Affects: openstack-rdo [bug 2023862]
Per upstream notes: Puppet Server 6.17.1, shipped with Puppet 6.25.1 Puppet Server 7.4.2, shipped with Puppet 7.12.1 Upstream 7.12.1 commit: https://github.com/puppetlabs/puppet/commit/9a8d3ef017cf63ce0f848ec64394f7bad287e825
Upstream 6.x commit: https://github.com/puppetlabs/puppet/commit/e90023a8b54a58073d71dae655d7636e2c9bcc61
Upcoming RHUI4 release is notaffected as product removed puppet to suppose installation with Ansible playbooks.
This issue has been addressed in the following products: Red Hat Satellite 6.9 for RHEL 7 Via RHSA-2022:1478 https://access.redhat.com/errata/RHSA-2022:1478
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-27023
This issue has been addressed in the following products: Red Hat Satellite 6.10 for RHEL 7 Via RHSA-2022:1708 https://access.redhat.com/errata/RHSA-2022:1708
This issue has been addressed in the following products: Satellite Tools 6.9 for RHEL 7 Satellite Tools 6.9 for RHEL 6.ELS Satellite Tools 6.9 for RHEL 7.2.AUS Satellite Tools 6.9 for RHEL 7.3.AUS Satellite Tools 6.9 for RHEL 7.4.AUS Satellite Tools 6.9 for RHEL 7.4.E4S Satellite Tools 6.9 for RHEL 7.4.TUS Satellite Tools 6.9 for RHEL 7.6.AUS Satellite Tools 6.9 for RHEL 7.6.E4S Satellite Tools 6.9 for RHEL 7.6.EUS Satellite Tools 6.9 for RHEL 7.6.TUS Satellite Tools 6.9 for RHEL 7.7.AUS Satellite Tools 6.9 for RHEL 7.7.E4S Satellite Tools 6.9 for RHEL 7.7.EUS Satellite Tools 6.9 for RHEL 7.7.TUS Satellite Tools 6.9 for RHEL 8 Satellite Tools 6.9 for RHEL 8.0.E4S Satellite Tools 6.9 for RHEL 8.1.E4S Satellite Tools 6.9 for RHEL 8.1.EUS Satellite Tools 6.9 for RHEL 8.2.AUS Satellite Tools 6.9 for RHEL 8.2.E4S Satellite Tools 6.9 for RHEL 8.2.EUS Satellite Tools 6.9 for RHEL 8.2.TUS Satellite Tools 6.9 for RHEL 8.4.AUS Satellite Tools 6.9 for RHEL 8.4.E4S Satellite Tools 6.9 for RHEL 8.4.EUS Satellite Tools 6.9 for RHEL 8.6.AUS Satellite Tools 6.9 for RHEL 8.6.E4S Satellite Tools 6.9 for RHEL 8.6.EUS Satellite Tools 6.9 for RHEL 8.6.TUS Via RHSA-2022:4867 https://access.redhat.com/errata/RHSA-2022:4867
This issue has been addressed in the following products: Satellite Tools 6.10 for RHEL 7 Satellite Tools 6.10 for RHEL 6.ELS Satellite Tools 6.10 for RHEL 7.2.AUS Satellite Tools 6.10 for RHEL 7.3.AUS Satellite Tools 6.10 for RHEL 7.4.AUS Satellite Tools 6.10 for RHEL 7.4.E4S Satellite Tools 6.10 for RHEL 7.4.TUS Satellite Tools 6.10 for RHEL 7.6.AUS Satellite Tools 6.10 for RHEL 7.6.E4S Satellite Tools 6.10 for RHEL 7.6.TUS Satellite Tools 6.10 for RHEL 7.7.AUS Satellite Tools 6.10 for RHEL 7.7.E4S Satellite Tools 6.10 for RHEL 7.7.TUS Satellite Tools 6.10 for RHEL 8 Satellite Tools 6.10 for RHEL 8.1.E4S Satellite Tools 6.10 for RHEL 8.1.EUS Satellite Tools 6.10 for RHEL 8.2.AUS Satellite Tools 6.10 for RHEL 8.2.E4S Satellite Tools 6.10 for RHEL 8.2.EUS Satellite Tools 6.10 for RHEL 8.2.TUS Satellite Tools 6.10 for RHEL 8.4.AUS Satellite Tools 6.10 for RHEL 8.4.E4S Satellite Tools 6.10 for RHEL 8.4.EUS Satellite Tools 6.10 for RHEL 8.4.TUS Satellite Tools 6.10 for RHEL 8.6.AUS Satellite Tools 6.10 for RHEL 8.6.E4S Satellite Tools 6.10 for RHEL 8.6.EUS Via RHSA-2022:4866 https://access.redhat.com/errata/RHSA-2022:4866