Source: puppet.com
Puppet Response to Remote Code Execution Vulnerability CVE-2021-44228Category: puppet
Puppet Response to CVE-2021-44228 A new remote code execution (RCE) vulnerability in the popular open source log4j logging library has been discovered and assigned CVE-2021-44228.
After an extensive security audit of the Puppet product portfolio, we have discovered that Continuous Delivery for Puppet Enterprise (CD for PE) has been impacted by this CVE. Puppet Enterprise is not impacted; Puppet agents are not impacted.
Mitigation steps for Continuous Delivery for Puppet Enterprise version 3.x, which was https://support.puppet.com/hc/en-us/articles/1500011451161-Continuous-Delivery-for-Puppet-Enterprise-3-x-End-of-Life-notice earlier this year, can be found in the FAQ.
After an extensive security audit of the Puppet product portfolio, we have discovered that Continuous Delivery for Puppet Enterprise (CD for PE) has been impacted by this CVE. Puppet Enterprise is not impacted; Puppet agents are not impacted.
Mitigation steps for Continuous Delivery for Puppet Enterprise version 3.x, which was https://support.puppet.com/hc/en-us/articles/1500011451161-Continuous-Delivery-for-Puppet-Enterprise-3-x-End-of-Life-notice earlier this year, can be found in the FAQ.
Related Articles
Community Partners
DevOps Careers