Skip to content

Puppet Products & Log4j Vulnerability

The below post has a list of Puppet Products that has been impacted by Log4j vulnerability. For Puppet Enterprise Continuous Delivery a patch has been released along with the Mitigation steps which can be applied.Another product that was impacted is Puppet Comply

Puppet ProductVersionsStatusPatched
Puppet Comply impactAllVulnerableMitigations
Puppet agentsAllNot VulnerableNot Needed
Puppet EnterpriseAll Not VulnerableNot Needed
Puppet Enterprise (Continuous Delivery)AllVulnerable Mitigations
Puppet ServiceAllNot Vulnerable Not Needed

Comply Impact: According to Puppet, they have been with a Vendor who has authored Puppet Comply to bring in a patch as soon as possible