CVE Vulnerabilities

CVE-2021-27018

Improper Certificate Validation

Published: Aug 30, 2021 | Modified: Sep 07, 2021
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Remediate Puppet * 2.0.1 (excluding)
Puppet Ubuntu bionic *
Puppet Ubuntu hirsute *
Puppet Ubuntu impish *
Puppet Ubuntu kinetic *
Puppet Ubuntu trusty *
Puppet Ubuntu trusty/esm *
Puppet Ubuntu xenial *

Potential Mitigations

References