
12 vulnerabilities found for continuous_delivery by puppet

FKIE_CVE-2021-27024

Vulnerability from fkie_nvd - Published: 2021-11-18 15:15 - Updated: 2024-11-21 05:57
Summary
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0
Impacted products
Vendor Product Version
puppet continuous_delivery * (versions before 4.10.0, per versionEndExcluding in the record below)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:puppet:continuous_delivery:*:*:*:*:puppet_enterprise:*:*:*",
              "matchCriteriaId": "782FEA21-6C00-45C1-8A45-B0A1C139DB5C",
              "versionEndExcluding": "4.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0"
    },
    {
      "lang": "es",
      "value": "Se ha detectado un fallo en Continuous Delivery for Puppet Enterprise (CD4PE) que resulta en un usuario con privilegios bajos ser capaz de acceder a un token de la API de Puppet Enterprise. Este problema se ha resuelto en CD4PE versi\u00f3n 4.10.0"
    }
  ],
  "id": "CVE-2021-27024",
  "lastModified": "2024-11-21T05:57:12.023",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-11-18T15:15:09.447",
  "references": [
    {
      "source": "security@puppet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://puppet.com/security/cve/cve-2021-27024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://puppet.com/security/cve/cve-2021-27024"
    }
  ],
  "sourceIdentifier": "security@puppet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2020-7945

Vulnerability from fkie_nvd - Published: 2020-09-18 18:15 - Updated: 2024-11-21 05:38
Summary
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.
Impacted products
Vendor Product Version
puppet continuous_delivery 4.0.0

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:puppet:continuous_delivery:4.0.0:*:*:*:puppet_enterprise:*:*:*",
              "matchCriteriaId": "5A05DAD5-2B3F-4BD1-B56B-083AAF0876A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1."
    },
    {
      "lang": "es",
      "value": "Las credenciales del registro local fueron incluidas directamente en la definici\u00f3n de la implementaci\u00f3n de CD4PE, lo que podr\u00eda exponer estas credenciales a usuarios que no deber\u00edan tener acceso a ellas. Esto es resuelto en Continuous Delivery para Puppet Enterprise versi\u00f3n 4.0.1"
    }
  ],
  "id": "CVE-2020-7945",
  "lastModified": "2024-11-21T05:38:03.890",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-18T18:15:20.287",
  "references": [
    {
      "source": "security@puppet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://puppet.com/security/cve/CVE-2020-7945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://puppet.com/security/cve/CVE-2020-7945"
    }
  ],
  "sourceIdentifier": "security@puppet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2020-7944

Vulnerability from fkie_nvd - Published: 2020-03-26 15:15 - Updated: 2024-11-21 05:38
Summary
In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.
Impacted products
Vendor Product Version
puppet continuous_delivery * (versions before 3.4.0, per versionEndExcluding in the record below)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:puppet:continuous_delivery:*:*:*:*:*:puppet_enterprise:*:*",
              "matchCriteriaId": "54D2F691-341C-443C-A703-2EA1D22A8C05",
              "versionEndExcluding": "3.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report."
    },
    {
      "lang": "es",
      "value": "En Continuous Delivery for Puppet Enterprise (CD4PE) versiones anteriores a 3.4.0, los cambios en los recursos o clases que contienen par\u00e1metros Confidenciales pueden dar como resultado que los par\u00e1metros Confidenciales terminen en el reporte de an\u00e1lisis del impacto."
    }
  ],
  "id": "CVE-2020-7944",
  "lastModified": "2024-11-21T05:38:03.790",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-26T15:15:25.147",
  "references": [
    {
      "source": "security@puppet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://puppet.com/security/cve/CVE-2020-7944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://puppet.com/security/cve/CVE-2020-7944"
    }
  ],
  "sourceIdentifier": "security@puppet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-10695

Vulnerability from fkie_nvd - Published: 2019-12-12 00:15 - Updated: 2024-11-21 04:19
Summary
When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module.
Impacted products
Vendor Product Version
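puppet continuous_delivery * (before 1.2.1, per versionEndExcluding in the record below; the summary gives 1.2.1 as the fixed version of the puppetlabs/cd4pe module, so compare against the installed module version)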

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:puppet:continuous_delivery:*:*:*:*:*:puppet_enterprise:*:*",
              "matchCriteriaId": "F7A85693-18F1-4A5B-9360-DCBC0FA0B2A6",
              "versionEndExcluding": "1.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user\u2019s username and password were exposed in the job\u2019s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module."
    },
    {
      "lang": "es",
      "value": "Al utilizar la tarea cd4pe :: root_configuration para configurar una Entrega continua para la instalaci\u00f3n de PE, el nombre de usuario y la contrase\u00f1a del usuario ra\u00edz se expusieron en el panel Detalles del trabajo del trabajo en la consola de PE. Estos problemas se han resuelto en la versi\u00f3n 1.2.1 del m\u00f3dulo puppetlabs / cd4pe."
    }
  ],
  "id": "CVE-2019-10695",
  "lastModified": "2024-11-21T04:19:46.080",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-12T00:15:11.113",
  "references": [
    {
      "source": "security@puppet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://puppet.com/security/cve/CVE-2019-10695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://puppet.com/security/cve/CVE-2019-10695"
    }
  ],
  "sourceIdentifier": "security@puppet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2021-27024 (GCVE-0-2021-27024)

Vulnerability from cvelistv5 – Published: 2021-11-18 14:23 – Updated: 2024-08-03 20:40
Summary
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0
Severity ?
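No CVSS data available in this CNA record; the fkie_nvd entry for CVE-2021-27024 on this page carries NVD's CVSS v3.1 base score of 8.1 (HIGH).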
CWE
  • Invalid Permissions Check
Assigner
References
Impacted products
Vendor Product Version
n/a Puppet Continuous Delivery for Puppet Enterprise (CD4PE) Affected: CD4PE prior to 4.10.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:47.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/cve-2021-27024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Puppet Continuous Delivery for Puppet Enterprise (CD4PE)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "CD4PE prior to 4.10.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Invalid Permissions Check",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-18T14:23:56",
        "orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
        "shortName": "puppet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://puppet.com/security/cve/cve-2021-27024"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@puppet.com",
          "ID": "CVE-2021-27024",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Puppet Continuous Delivery for Puppet Enterprise (CD4PE)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "CD4PE prior to 4.10.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Invalid Permissions Check"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://puppet.com/security/cve/cve-2021-27024",
              "refsource": "MISC",
              "url": "https://puppet.com/security/cve/cve-2021-27024"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
    "assignerShortName": "puppet",
    "cveId": "CVE-2021-27024",
    "datePublished": "2021-11-18T14:23:56",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:40:47.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7945 (GCVE-0-2020-7945)

Vulnerability from cvelistv5 – Published: 2020-09-18 17:58 – Updated: 2024-08-04 09:48
Summary
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.
Severity ?
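No CVSS data available in this CNA record; the fkie_nvd entry for CVE-2020-7945 on this page carries NVD's CVSS v3.1 base score of 5.5 (MEDIUM).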
CWE
  • Insufficiently Protected Credentials
Assigner
References
Impacted products
Vendor Product Version
n/a Continuous Delivery for Puppet Enterprise (CD4PE) Affected: Affects CD4PE 4.0.0, resolved in 4.0.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:48:24.936Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/CVE-2020-7945"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Continuous Delivery for Puppet Enterprise (CD4PE)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Affects CD4PE 4.0.0, resolved in 4.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficiently Protected Credentials",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-18T17:58:51",
        "orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
        "shortName": "puppet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://puppet.com/security/cve/CVE-2020-7945"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@puppet.com",
          "ID": "CVE-2020-7945",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Continuous Delivery for Puppet Enterprise (CD4PE)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Affects CD4PE 4.0.0, resolved in 4.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficiently Protected Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://puppet.com/security/cve/CVE-2020-7945",
              "refsource": "MISC",
              "url": "https://puppet.com/security/cve/CVE-2020-7945"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
    "assignerShortName": "puppet",
    "cveId": "CVE-2020-7945",
    "datePublished": "2020-09-18T17:58:51",
    "dateReserved": "2020-01-23T00:00:00",
    "dateUpdated": "2024-08-04T09:48:24.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7944 (GCVE-0-2020-7944)

Vulnerability from cvelistv5 – Published: 2020-03-26 14:16 – Updated: 2024-08-04 09:48
Summary
In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.
Severity ?
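No CVSS data available in this CNA record; the fkie_nvd entry for CVE-2020-7944 on this page carries NVD's CVSS v3.1 base score of 7.7 (HIGH).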
CWE
  • Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
Impacted products
Vendor Product Version
n/a Continuous Delivery for Puppet Enterprise (CD4PE) Affected: CD4PE prior to 3.4.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:48:24.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/CVE-2020-7944"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Continuous Delivery for Puppet Enterprise (CD4PE)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "CD4PE prior to 3.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insertion of Sensitive Information into Externally-Accessible File or Directory",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-26T14:16:44",
        "orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
        "shortName": "puppet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://puppet.com/security/cve/CVE-2020-7944"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@puppet.com",
          "ID": "CVE-2020-7944",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Continuous Delivery for Puppet Enterprise (CD4PE)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "CD4PE prior to 3.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insertion of Sensitive Information into Externally-Accessible File or Directory"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://puppet.com/security/cve/CVE-2020-7944",
              "refsource": "MISC",
              "url": "https://puppet.com/security/cve/CVE-2020-7944"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
    "assignerShortName": "puppet",
    "cveId": "CVE-2020-7944",
    "datePublished": "2020-03-26T14:16:44",
    "dateReserved": "2020-01-23T00:00:00",
    "dateUpdated": "2024-08-04T09:48:24.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10695 (GCVE-0-2019-10695)

Vulnerability from cvelistv5 – Published: 2019-12-11 23:04 – Updated: 2024-08-04 22:32
Summary
When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module.
Severity ?
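No CVSS data available in this CNA record; the fkie_nvd entry for CVE-2019-10695 on this page carries NVD's CVSS v3.1 base score of 6.5 (MEDIUM).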
CWE
  • Insufficiently Protected Credentials
Assigner
References
Impacted products
Vendor Product Version
n/a Continuous Delivery for Puppet Enterprise (CD4PE) Affected: puppetlabs/cd4pe module prior to 1.2.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:32:01.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/CVE-2019-10695"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Continuous Delivery for Puppet Enterprise (CD4PE)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "puppetlabs/cd4pe module prior to 1.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user\u2019s username and password were exposed in the job\u2019s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficiently Protected Credentials",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-11T23:04:57",
        "orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
        "shortName": "puppet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://puppet.com/security/cve/CVE-2019-10695"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@puppet.com",
          "ID": "CVE-2019-10695",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Continuous Delivery for Puppet Enterprise (CD4PE)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "puppetlabs/cd4pe module prior to 1.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user\u2019s username and password were exposed in the job\u2019s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficiently Protected Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://puppet.com/security/cve/CVE-2019-10695",
              "refsource": "MISC",
              "url": "https://puppet.com/security/cve/CVE-2019-10695"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
    "assignerShortName": "puppet",
    "cveId": "CVE-2019-10695",
    "datePublished": "2019-12-11T23:04:57",
    "dateReserved": "2019-04-02T00:00:00",
    "dateUpdated": "2024-08-04T22:32:01.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27024 (GCVE-0-2021-27024)

Vulnerability from nvd – Published: 2021-11-18 14:23 – Updated: 2024-08-03 20:40
Summary
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0
Severity
No CVSS data available.
CWE
  • Invalid Permissions Check
Assigner
References
Impacted products
Vendor Product Version
n/a Puppet Continuous Delivery for Puppet Enterprise (CD4PE) Affected: CD4PE prior to 4.10.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:47.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/cve-2021-27024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Puppet Continuous Delivery for Puppet Enterprise (CD4PE)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "CD4PE prior to 4.10.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Invalid Permissions Check",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-18T14:23:56",
        "orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
        "shortName": "puppet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://puppet.com/security/cve/cve-2021-27024"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@puppet.com",
          "ID": "CVE-2021-27024",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Puppet Continuous Delivery for Puppet Enterprise (CD4PE)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "CD4PE prior to 4.10.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Invalid Permissions Check"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://puppet.com/security/cve/cve-2021-27024",
              "refsource": "MISC",
              "url": "https://puppet.com/security/cve/cve-2021-27024"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
    "assignerShortName": "puppet",
    "cveId": "CVE-2021-27024",
    "datePublished": "2021-11-18T14:23:56",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:40:47.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7945 (GCVE-0-2020-7945)

Vulnerability from nvd – Published: 2020-09-18 17:58 – Updated: 2024-08-04 09:48
Summary
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.
Severity
No CVSS data available.
CWE
  • Insufficiently Protected Credentials
Assigner
References
Impacted products
Vendor Product Version
n/a Continuous Delivery for Puppet Enterprise (CD4PE) Affected: Affects CD4PE 4.0.0, resolved in 4.0.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:48:24.936Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/CVE-2020-7945"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Continuous Delivery for Puppet Enterprise (CD4PE)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Affects CD4PE 4.0.0, resolved in 4.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficiently Protected Credentials",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-18T17:58:51",
        "orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
        "shortName": "puppet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://puppet.com/security/cve/CVE-2020-7945"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@puppet.com",
          "ID": "CVE-2020-7945",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Continuous Delivery for Puppet Enterprise (CD4PE)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Affects CD4PE 4.0.0, resolved in 4.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficiently Protected Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://puppet.com/security/cve/CVE-2020-7945",
              "refsource": "MISC",
              "url": "https://puppet.com/security/cve/CVE-2020-7945"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
    "assignerShortName": "puppet",
    "cveId": "CVE-2020-7945",
    "datePublished": "2020-09-18T17:58:51",
    "dateReserved": "2020-01-23T00:00:00",
    "dateUpdated": "2024-08-04T09:48:24.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7944 (GCVE-0-2020-7944)

Vulnerability from nvd – Published: 2020-03-26 14:16 – Updated: 2024-08-04 09:48
Summary
In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.
Severity
No CVSS data available.
CWE
  • Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
Impacted products
Vendor Product Version
n/a Continuous Delivery for Puppet Enterprise (CD4PE) Affected: CD4PE prior to 3.4.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:48:24.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/CVE-2020-7944"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Continuous Delivery for Puppet Enterprise (CD4PE)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "CD4PE prior to 3.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insertion of Sensitive Information into Externally-Accessible File or Directory",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-26T14:16:44",
        "orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
        "shortName": "puppet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://puppet.com/security/cve/CVE-2020-7944"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@puppet.com",
          "ID": "CVE-2020-7944",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Continuous Delivery for Puppet Enterprise (CD4PE)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "CD4PE prior to 3.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insertion of Sensitive Information into Externally-Accessible File or Directory"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://puppet.com/security/cve/CVE-2020-7944",
              "refsource": "MISC",
              "url": "https://puppet.com/security/cve/CVE-2020-7944"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
    "assignerShortName": "puppet",
    "cveId": "CVE-2020-7944",
    "datePublished": "2020-03-26T14:16:44",
    "dateReserved": "2020-01-23T00:00:00",
    "dateUpdated": "2024-08-04T09:48:24.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10695 (GCVE-0-2019-10695)

Vulnerability from nvd – Published: 2019-12-11 23:04 – Updated: 2024-08-04 22:32
Summary
When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module.
Severity
No CVSS data available.
CWE
  • Insufficiently Protected Credentials
Assigner
References
Impacted products
Vendor Product Version
n/a Continuous Delivery for Puppet Enterprise (CD4PE) Affected: puppetlabs/cd4pe module prior to 1.2.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:32:01.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/CVE-2019-10695"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Continuous Delivery for Puppet Enterprise (CD4PE)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "puppetlabs/cd4pe module prior to 1.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user\u2019s username and password were exposed in the job\u2019s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficiently Protected Credentials",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-11T23:04:57",
        "orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
        "shortName": "puppet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://puppet.com/security/cve/CVE-2019-10695"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@puppet.com",
          "ID": "CVE-2019-10695",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Continuous Delivery for Puppet Enterprise (CD4PE)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "puppetlabs/cd4pe module prior to 1.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user\u2019s username and password were exposed in the job\u2019s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficiently Protected Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://puppet.com/security/cve/CVE-2019-10695",
              "refsource": "MISC",
              "url": "https://puppet.com/security/cve/CVE-2019-10695"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
    "assignerShortName": "puppet",
    "cveId": "CVE-2019-10695",
    "datePublished": "2019-12-11T23:04:57",
    "dateReserved": "2019-04-02T00:00:00",
    "dateUpdated": "2024-08-04T22:32:01.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}