CVSS 3 Base Score:

Posted On:

Assessed Risk Level:

Continuous Delivery for Puppet Enterprise (CD4PE) and Puppet Comply were found vulnerable to CVE-2021-44228. CD4PE was vulnerable to Remote Code Execution (RCE) and Comply was found potentially vulnerable to privilege escalation.


Affected software versions:
  • CD4PE 3.x
  • CD4PE prior to 4.10.3
  • Comply prior to 2.2.1
Resolved in:
  • CD4PE 4.10.3
  • Comply 2.2.1