CVE Vulnerabilities

CVE-2021-27024

Published: Nov 18, 2021 | Modified: Jul 12, 2022

CVSS 3.x

8.1

HIGH

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS 2.x

5.5 MEDIUM

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-27024
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0

Affected Software

Name	Vendor	Start Version	End Version
Continuous_delivery	Puppet	*	4.10.0 (excluding)

References

https://puppet.com/security/cve/cve-2021-27024

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.