CVSS 3 Base Score: Posted On: May 4, 2021Assessed Risk Level: HighOn February 16, 2021, OpenSSL published security updates addressing CVE-2021-23841, CVE-2021-23839, and CVE-2021-23840. Previous releases of Puppet Agent and Bolt contain a vulnerable version of OpenSSL. Puppet Agent 6.22.1, Puppet Agent 7.6.1, and Bolt 3.6.0 contain an updated version of OpenSSL that has patched the vulnerability.For more information about this vulnerability, refer to the OpenSSL security announcement: https://www.openssl.org/news/secadv/20210216.txt.Status:Affected software versions:Puppet Agent 6.x prior to 6.22.1Puppet Agent 7.x prior to 7.6.1Bolt versions prior to 3.6.0Puppet Enterprise prior to 2019.8.6Resolved in:Puppet Agent 6.22.1Puppet Agent 7.6.1Bolt 3.6.0Puppet Enterprise 2019.8.6Puppet Enterprise 2021.1.0← Back to CVE Listings