A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Puppet Agent
Puppet Enterprise
Puppet Server
Fedora
NVD
CVSS 3.1
9.8
EPSS
1.3%