CVE-2021-27019 - Vulnerability Details

Vendors	Products
Puppet	Puppet Enterprise Puppetdb

Link	Providers
https://puppet.com/security/cve/CVE-2021-27019

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "PuppetDB, Puppet Enterprise", "vendor": "n/a", "versions": [{"status": "affected", "version": "Affects PuppetDB 6.x prior to 6.16.1, PuppetDB 7.x prior to 7.3.1, Puppet Enterprise prior to 2019.8.6"}]}], "descriptions": [{"lang": "en", "value": "PuppetDB logging included potentially sensitive system information."}], "problemTypes": [{"descriptions": [{"description": "Insertion of Sensitive Information into Log File", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-30T17:56:04", "orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "shortName": "puppet"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://puppet.com/security/cve/CVE-2021-27019"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@puppet.com", "ID": "CVE-2021-27019", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PuppetDB, Puppet Enterprise", "version": {"version_data": [{"version_value": "Affects PuppetDB 6.x prior to 6.16.1, PuppetDB 7.x prior to 7.3.1, Puppet Enterprise prior to 2019.8.6"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PuppetDB logging included potentially sensitive system information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insertion of Sensitive Information into Log File"}]}]}, "references": {"reference_data": [{"name": "https://puppet.com/security/cve/CVE-2021-27019", "refsource": "MISC", "url": "https://puppet.com/security/cve/CVE-2021-27019"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:40:47.286Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://puppet.com/security/cve/CVE-2021-27019"}]}]}, "cveMetadata": {"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "assignerShortName": "puppet", "cveId": "CVE-2021-27019", "datePublished": "2021-08-30T17:56:04", "dateReserved": "2021-02-09T00:00:00", "dateUpdated": "2024-08-03T20:40:47.286Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : PuppetDB, Puppet Enterprise (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Affects PuppetDB 6.x prior to 6.16.1, PuppetDB 7.x prior to 7.3.1, Puppet Enterprise prior to 2019.8.6 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : PuppetDB logging included potentially sensitive system information. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Insertion of Sensitive Information into Log File (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-08-30T17:56:04 (string)

orgId : ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e (string)

shortName : puppet (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://puppet.com/security/cve/CVE-2021-27019 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@puppet.com (string)

ID : CVE-2021-27019 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : PuppetDB, Puppet Enterprise (string)

version : { »

version_data : [ »

0 : { »

version_value : Affects PuppetDB 6.x prior to 6.16.1, PuppetDB 7.x prior to 7.3.1, Puppet Enterprise prior to 2019.8.6 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : PuppetDB logging included potentially sensitive system information. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Insertion of Sensitive Information into Log File (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://puppet.com/security/cve/CVE-2021-27019 (string)

refsource : MISC (string)

url : https://puppet.com/security/cve/CVE-2021-27019 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T20:40:47.286Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://puppet.com/security/cve/CVE-2021-27019 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e (string)

assignerShortName : puppet (string)

cveId : CVE-2021-27019 (string)

datePublished : 2021-08-30T17:56:04 (string)

dateReserved : 2021-02-09T00:00:00 (string)

dateUpdated : 2024-08-03T20:40:47.286Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2F6078A-A6F8-4850-BCF8-6483D6131861", "versionEndExcluding": "2019.8.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "2625208D-728B-4601-BA11-83EA54E1358E", "versionEndExcluding": "6.16.1", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF0E1B3C-5F3E-49BC-B8DE-5B3AAC457B29", "versionEndExcluding": "7.3.1", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PuppetDB logging included potentially sensitive system information."}, {"lang": "es", "value": "El registro de PuppetDB inclu\u00eda informaci\u00f3n potencialmente confidencial del sistema."}], "id": "CVE-2021-27019", "lastModified": "2024-11-21T05:57:11.427", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-30T18:15:08.570", "references": [{"source": "security@puppet.com", "tags": ["Vendor Advisory"], "url": "https://puppet.com/security/cve/CVE-2021-27019"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://puppet.com/security/cve/CVE-2021-27019"}], "sourceIdentifier": "security@puppet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E2F6078A-A6F8-4850-BCF8-6483D6131861 (string)

versionEndExcluding : 2019.8.6 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2625208D-728B-4601-BA11-83EA54E1358E (string)

versionEndExcluding : 6.16.1 (string)

versionStartIncluding : 6.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AF0E1B3C-5F3E-49BC-B8DE-5B3AAC457B29 (string)

versionEndExcluding : 7.3.1 (string)

versionStartIncluding : 7.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : PuppetDB logging included potentially sensitive system information. (string)

}

1 : { »

lang : es (string)

value : El registro de PuppetDB incluía información potencialmente confidencial del sistema. (string)

}

]

id : CVE-2021-27019 (string)

lastModified : 2024-11-21T05:57:11.427 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-08-30T18:15:08.570 (string)

references : [ »

0 : { »

source : security@puppet.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://puppet.com/security/cve/CVE-2021-27019 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://puppet.com/security/cve/CVE-2021-27019 (string)

}

]

sourceIdentifier : security@puppet.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-532 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object