Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.PUPPET_ENTERPRISE_CVE-2021-22897.NASL
HistoryNov 01, 2023 - 12:00 a.m.

Puppet Enterprise < 2019.8.7 / 2021.x < 2021.2 Curl Vulnerabilities

2023-11-0100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
puppet enterprise
curl vulnerabilities
security advisory
cve-2021-22897
cve-2021-22898
cve-2021-22901
nessus
unix
exploits

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

Low

0.1 Low

EPSS

Percentile

94.9%

JSON

For more information about this vulnerability, refer to the security announcements.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text in this plugin were  
# extracted from the PuppetLabs Security Advisory page. The text
# itself is copyright (C)  Perforce Software, Inc.
##

include('compat.inc');

if (description)
{
  script_id(184149);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/02");

  script_cve_id("CVE-2021-22897", "CVE-2021-22898", "CVE-2021-22901");

  script_name(english:"Puppet Enterprise < 2019.8.7 / 2021.x < 2021.2 Curl Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"An instance of Puppet Agent installed on the remote system is affected by a curl vulnerability.");
  script_set_attribute(attribute:"description", value:
"For more information about this vulnerability, refer to the security announcements.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.puppet.com/security/cve/curl-june-2021-security-fixes");
  script_set_attribute(attribute:"see_also", value:"https://curl.se/docs/CVE-2021-22897.html");
  script_set_attribute(attribute:"see_also", value:"https://curl.se/docs/CVE-2021-22898.html");
  script_set_attribute(attribute:"see_also", value:"https://curl.se/docs/CVE-2021-22901.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Puppet Agent version 2019.8.7, 2021.2 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-22901");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/06/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:puppetlabs:puppet_enterprise");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("puppet_enterprise_nix_installed.nbin");
  script_require_keys("installed_sw/puppet_enterprise_console");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'puppet_enterprise_console');

var constraintList = [
    { 'min_version':'2021.0', 'fixed_version':'2021.2' },
    { 'min_version':'2019.0', 'fixed_version':'2019.8.7' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraintList, severity:SECURITY_WARNING);
VendorProductVersionCPE
puppetlabspuppet_enterprisecpe:/a:puppetlabs:puppet_enterprise

Related

nessus 49
fedora 4
openvas 38
archlinux 12
photon 15
ibm 7
gentoo 1
cbl_mariner 6
hackerone 4
redhatcve 4
prion 3
nvd 3
debiancve 3
osv 10
cvelist 3
ubuntucve 4
alpinelinux 3
veracode 4
cve 3
suse 2
cloudlinux 1
mageia 1
f5 1
ics 1
debian 2
amazon 3
ubuntu 3
slackware 1
cloudfoundry 1
oraclelinux 1
almalinux 1
redhat 3
rocky 1
rosalinux 1
nessus
nessus
Puppet Agent 6.x < 6.23.0 / 7.x < 7.8.0 Multiple Vulnerabilities
2023-11-01 00:00:00
Photon OS 1.0: Curl PHSA-2021-1.0-0393
2021-05-28 00:00:00
Photon OS 3.0: Curl PHSA-2021-3.0-0243
2021-05-28 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: curl-7.76.1-3.fc34
2021-05-28 01:01:28
[SECURITY] Fedora 34 Update: curl-7.76.1-7.fc34
2021-07-23 01:06:01
[SECURITY] Fedora 33 Update: curl-7.71.1-10.fc33
2021-08-07 01:14:48
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2239)
2021-08-09 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2290)
2021-08-09 00:00:00
Fedora: Security Advisory for curl (FEDORA-2021-eb5b7c53a9)
2021-06-03 00:00:00
archlinux
archlinux
[ASA-202106-7] lib32-libcurl-compat: multiple issues
2021-06-01 00:00:00
[ASA-202106-6] libcurl-compat: multiple issues
2021-06-01 00:00:00
[ASA-202106-4] curl: multiple issues
2021-06-01 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0393
2021-05-26 00:00:00
Important Photon OS Security Update - PHSA-2021-0033
2021-05-26 00:00:00
Important Photon OS Security Update - PHSA-2021-0393
2021-05-26 00:00:00
ibm
ibm
Security Bulletin: IBM Aspera High-Speed Transfer Server, Endpoint, and Desktop Client are vulnerable to libcurl vulnerabilities (CVE-2021-22901, CVE-2021-22898)
2021-09-30 20:07:53
Security Bulletin: curl vulnerability impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.1.1 and earlier (CVE-2021-22897)
2021-08-03 19:16:54
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22898)
2022-04-22 13:35:52
gentoo
gentoo
cURL: Multiple vulnerabilities
2021-05-26 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-22897 affecting package curl for versions less than 7.76.0-5
2022-04-09 06:51:45
CVE-2021-22901 affecting package curl 7.76.0-9
2021-06-09 03:50:28
CVE-2021-22901 affecting package curl for versions less than 7.76.0-5
2022-04-09 06:51:45
hackerone
hackerone
curl: CVE-2021-22897: schannel cipher selection surprise
2021-04-22 22:39:18
curl: CVE-2021-22901: TLS session caching disaster
2021-04-29 20:31:01
curl: CVE-2021-22898: TELNET stack contents disclosure
2021-04-27 09:49:43
redhatcve
redhatcve
CVE-2021-22901
2021-05-26 07:42:55
CVE-2021-22897
2021-05-26 10:12:52
CVE-2021-22898
2021-05-26 09:45:53
prion
prion
Code injection
2021-06-11 16:15:00
Design/Logic Flaw
2021-06-11 16:15:00
Stack overflow
2021-06-11 16:15:00
nvd
nvd
CVE-2021-22897
2021-06-11 16:15:10
CVE-2021-22901
2021-06-11 16:15:11
CVE-2021-22898
2021-06-11 16:15:11
debiancve
debiancve
CVE-2021-22897
2021-06-11 16:15:10
CVE-2021-22901
2021-06-11 16:15:11
CVE-2021-22898
2021-06-11 16:15:11
osv
osv
CVE-2021-22897
2021-06-11 16:15:10
CVE-2021-22901
2021-06-11 16:15:11
CVE-2021-22898
2021-06-11 16:15:11
cvelist
cvelist
CVE-2021-22897
2021-06-11 15:49:38
CVE-2021-22901
2021-06-11 15:49:38
CVE-2021-22898
2021-06-11 15:49:37
ubuntucve
ubuntucve
CVE-2021-22901
2021-05-26 00:00:00
CVE-2021-22898
2021-05-26 00:00:00
CVE-2021-22897
2021-06-11 00:00:00
alpinelinux
alpinelinux
CVE-2021-22901
2021-06-11 16:15:11
CVE-2021-22897
2021-06-11 16:15:10
CVE-2021-22898
2021-06-11 16:15:11
veracode
veracode
Arbitrary Code Execution
2021-05-28 13:03:34
Insecure TLS Configuration
2021-06-14 07:53:55
Information Disclosure
2021-05-28 12:59:20
cve
cve
CVE-2021-22897
2021-06-11 16:15:10
CVE-2021-22901
2021-06-11 16:15:11
CVE-2021-22898
2021-06-11 16:15:11
suse
suse
Security update for curl (moderate)
2021-07-11 00:00:00
Security update for curl (moderate)
2021-05-29 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-22898
2021-09-21 22:04:32
mageia
mageia
Updated curl packages fix a security vulnerability
2021-06-09 00:45:12
f5
f5
K22415133 : cURL vulnerability CVE-2021-22898
2021-10-12 00:00:00
ics
ics
Siemens Industrial Devices using libcurl (Update B)
2022-08-11 12:00:00
debian
debian
[SECURITY] [DLA 2734-1] curl security update
2021-08-13 04:32:15
[SECURITY] [DLA 3085-1] curl security update
2022-08-28 23:00:51
amazon
amazon
Medium: curl
2021-06-16 20:37:00
Medium: curl
2021-07-08 18:38:00
Medium: curl
2021-09-08 23:35:00
ubuntu
ubuntu
curl vulnerability
2022-01-20 00:00:00
curl vulnerabilities
2021-07-22 00:00:00
curl vulnerabilities
2023-02-27 00:00:00
slackware
slackware
[slackware-security] curl
2021-05-26 20:10:49
cloudfoundry
cloudfoundry
USN-5021-1: curl vulnerabilities | Cloud Foundry
2021-09-07 00:00:00
oraclelinux
oraclelinux
curl security and bug fix update
2021-11-16 00:00:00
almalinux
almalinux
Moderate: curl security and bug fix update
2021-11-09 09:38:13
redhat
redhat
(RHSA-2021:4511) Moderate: curl security and bug fix update
2021-11-09 09:38:13
(RHSA-2021:2472) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update
2021-06-17 11:33:18
(RHSA-2021:2471) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update
2021-06-17 11:31:22
rocky
rocky
curl security and bug fix update
2021-11-09 09:38:13
rosalinux
rosalinux
Advisory ROSA-SA-2024-2411
2024-05-02 09:04:51

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

Low

0.1 Low

EPSS

Percentile

94.9%

JSON
Related for PUPPET_ENTERPRISE_CVE-2021-22897.NASL
nessus49fedora4openvas38archlinux12photon15ibm7gentoo1cbl_mariner6hackerone4redhatcve4prion3nvd3debiancve3osv10cvelist3ubuntucve4alpinelinux3veracode4cve3suse2cloudlinux1mageia1f51ics1debian2amazon3ubuntu3slackware1cloudfoundry1oraclelinux1almalinux1redhat3rocky1rosalinux1