Puppet: >> Puppet Enterprise >> 2021.2.0 Security Vulnerabilities
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.
CVSS Score
6.8
EPSS Score
0.003
Published
2023-11-07
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
CVSS Score
9.8
EPSS Score
0.003
Published
2021-11-18