PT-2020-19864 · Puppet · Continuous Delivery For Puppet Enterprise

Published: 2020-03-26 · Updated: 2020-04-01 · CVE-2020-7944

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Continuous Delivery for Puppet Enterprise (CD4PE) versions prior to 3.4.0

Description

Changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters being included in the impact analysis report.

Recommendations

For versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the impact analysis report to minimize the risk of sensitive information exposure. Avoid using Sensitive parameters in resources or classes until the issue is resolved.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2020-7944

Affected Products

Continuous Delivery For Puppet Enterprise