
Puppet Response to Remote Code Execution Vulnerability CVE-2021-44228

 2 years ago
source link: https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/

Puppet Response to CVE-2021-44228

A new remote code execution (RCE) vulnerability has been discovered in the popular open source Log4j logging library and assigned CVE-2021-44228. An attacker who can cause a malicious string to be logged can exploit this vulnerability.

Many companies have been impacted by this vulnerability.

After an extensive security audit of the Puppet product portfolio, we have discovered that Continuous Delivery for Puppet Enterprise (CD for PE) has been impacted by this CVE. Puppet Enterprise is not impacted; Puppet agents are not impacted.

A release update and mitigation steps for Continuous Delivery for Puppet Enterprise version 4.x are now available. Mitigation steps for Continuous Delivery for Puppet Enterprise version 3.x, which reached end of life earlier this year, can be found in the FAQ. We strongly recommend upgrading to 4.x.

An FAQ outlining the path forward for CD for PE customers on versions 3.x and 4.x is available via the Puppet Support Portal. Should you have additional questions, please reach out to your TAM, or contact Support.

Sarah Hullender is a Senior Engineering, Product Manager, at Puppet. Diego Lapiduz is a Senior Director, Product Security, at Puppet.
