Vulnerabilities > CVE-2021-27020 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Puppet Enterprise

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
puppet
CWE-1236
NVD
Published: 2021-08-30
Updated: 2021-09-07

Summary

Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.

Vulnerable Configurations

Part Description Count
Application
Puppet
128

Common Weakness Enumeration (CWE)

References