puppet is vulnerable to information disclosure. The vulnerability exists due to HTTP credential leaking when following HTTP redirects to a different host.
access.redhat.com/security/cve/cve-2021-27023
bugzilla.suse.com/show_bug.cgi?id=1192797
github.com/advisories/GHSA-93j5-g845-9wqp
github.com/puppetlabs/puppet/commit/9a8d3ef017cf63ce0f848ec64394f7bad287e825
github.com/puppetlabs/puppet/commit/e90023a8b54a58073d71dae655d7636e2c9bcc61
github.com/puppetlabs/puppet/pull/8811
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
lists.fedoraproject.org/archives/list/[email protected]/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
puppet.com/security/cve/CVE-2021-27023