PT-2022-16353 · Puppet · Puppet Bolt
Vadym Chepkov · Published 2022-07-19 · Updated 2023-06-30 · CVE-2022-2394
CVSS v3.1: 4.1 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Puppet Bolt versions prior to 3.24.0
Description
The issue allows sensitive parameters to be printed when planning a run, potentially resulting in them being logged when executed programmatically, such as through Puppet Enterprise.
Recommendations
For Puppet Bolt versions prior to 3.24.0, update to version 3.24.0 or later to resolve the issue. As a temporary workaround, consider restricting the logging of sensitive parameters when running Puppet Bolt programmatically until a patch is applied.
Fix
Information Disclosure
Insertion into Log File
Affected Products
Puppet Bolt