CVE-2021-27022

CVE-2021-27022

Vendor N/A
Product Puppet Enterprise
Weakness CWE-532 · Sensitive info in logs
Published September 7, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).

Key dates

02Disclosure timeline

September 7, 2021 CVE published
August 3, 2024 Record updated