Privilege Escalation Vulnerability in Continuous Delivery for Puppet Enterprise (CD4PE)

CVE-2021-27024 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0

Learn more about our Api Penetration Testing.