CVSS 3 Base Score:
9.8

Posted On:

Assessed Risk Level:
High

Continuous Delivery for Puppet Enterprise (CD4PE) and Puppet Comply were found vulnerable to CVE-2021-44228. CD4PE was vulnerable to Remote Code Execution (RCE) and Comply was found potentially vulnerable to privilege escalation.

Status:

Affected software versions:
  • CD4PE 3.x
  • CD4PE prior to 4.10.3
  • Comply prior to 2.2.1
Resolved in:
  • CD4PE 4.10.3
  • Comply 2.2.1