CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-27024

A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.4%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 5.5

References

https://puppet.com/security/cve/cve-2021-27024
https://puppet.com/security/cve/cve-2021-27024

Products affected by CVE-2021-27024

Puppet » Continuous Delivery » Version: 4.0.0

cpe:2.3:a:puppet:continuous_delivery:4.0.0
Puppet » Continuous Delivery » Version: 4.0.1

cpe:2.3:a:puppet:continuous_delivery:4.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-27024

Products

Pricing

Contact Us