Main Vulnerability Database Vulnerabilities #VU26536

Information disclosure in Continuous Delivery for Puppet Enterprise - CVE-2020-7944

Published: April 2, 2020

Vulnerability identifier: #VU26536

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-7944

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Puppet Labs

Affected software:
Continuous Delivery for Puppet Enterprise

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report. A remote authenticated attacker can gain unauthorized access to sensitive information on the system.

How to mitigate CVE-2020-7944

Install updates from vendor's website.

Sources

https://puppet.com/security/cve/CVE-2020-7944

Information disclosure in Continuous Delivery for Puppet Enterprise - CVE-2020-7944

Detailed vulnerability description

How to mitigate CVE-2020-7944

Sources

Please verify you're human