Puppet Server is a software from Puppet Labs in the U.S. for pushing configurations from the primary server to other servers. an information disclosure vulnerability exists in Puppet Agent and Puppet Server, which stems from a lack of restrictions and protections in the HTTP transport process, which could lead to an HTTP redirect to other hosts when performing HTTP credential disclosure. No detailed vulnerability details are available at this time.