Search criteria
8 vulnerabilities found for continuous_delivery by puppet
CVE-2021-27024 (GCVE-0-2021-27024)
Vulnerability from nvd – Published: 2021-11-18 14:23 – Updated: 2024-08-03 20:40
VLAI?
Summary
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0
Severity ?
No CVSS data available.
CWE
- Invalid Permissions Check
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Puppet Continuous Delivery for Puppet Enterprise (CD4PE) |
Affected:
CD4PE prior to 4.10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://puppet.com/security/cve/cve-2021-27024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Puppet Continuous Delivery for Puppet Enterprise (CD4PE)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "CD4PE prior to 4.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Invalid Permissions Check",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-18T14:23:56",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://puppet.com/security/cve/cve-2021-27024"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2021-27024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Puppet Continuous Delivery for Puppet Enterprise (CD4PE)",
"version": {
"version_data": [
{
"version_value": "CD4PE prior to 4.10.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Invalid Permissions Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/cve-2021-27024",
"refsource": "MISC",
"url": "https://puppet.com/security/cve/cve-2021-27024"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2021-27024",
"datePublished": "2021-11-18T14:23:56",
"dateReserved": "2021-02-09T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7945 (GCVE-0-2020-7945)
Vulnerability from nvd – Published: 2020-09-18 17:58 – Updated: 2024-08-04 09:48
VLAI?
Summary
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.
Severity ?
No CVSS data available.
CWE
- Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Continuous Delivery for Puppet Enterprise (CD4PE) |
Affected:
Affects CD4PE 4.0.0, resolved in 4.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://puppet.com/security/cve/CVE-2020-7945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Continuous Delivery for Puppet Enterprise (CD4PE)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects CD4PE 4.0.0, resolved in 4.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-18T17:58:51",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://puppet.com/security/cve/CVE-2020-7945"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2020-7945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Continuous Delivery for Puppet Enterprise (CD4PE)",
"version": {
"version_data": [
{
"version_value": "Affects CD4PE 4.0.0, resolved in 4.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2020-7945",
"refsource": "MISC",
"url": "https://puppet.com/security/cve/CVE-2020-7945"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2020-7945",
"datePublished": "2020-09-18T17:58:51",
"dateReserved": "2020-01-23T00:00:00",
"dateUpdated": "2024-08-04T09:48:24.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7944 (GCVE-0-2020-7944)
Vulnerability from nvd – Published: 2020-03-26 14:16 – Updated: 2024-08-04 09:48
VLAI?
Summary
In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.
Severity ?
No CVSS data available.
CWE
- Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Continuous Delivery for Puppet Enterprise (CD4PE) |
Affected:
CD4PE prior to 3.4.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://puppet.com/security/cve/CVE-2020-7944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Continuous Delivery for Puppet Enterprise (CD4PE)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "CD4PE prior to 3.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T14:16:44",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://puppet.com/security/cve/CVE-2020-7944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2020-7944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Continuous Delivery for Puppet Enterprise (CD4PE)",
"version": {
"version_data": [
{
"version_value": "CD4PE prior to 3.4.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insertion of Sensitive Information into Externally-Accessible File or Directory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2020-7944",
"refsource": "MISC",
"url": "https://puppet.com/security/cve/CVE-2020-7944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2020-7944",
"datePublished": "2020-03-26T14:16:44",
"dateReserved": "2020-01-23T00:00:00",
"dateUpdated": "2024-08-04T09:48:24.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10695 (GCVE-0-2019-10695)
Vulnerability from nvd – Published: 2019-12-11 23:04 – Updated: 2024-08-04 22:32
VLAI?
Summary
When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module.
Severity ?
No CVSS data available.
CWE
- Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Continuous Delivery for Puppet Enterprise (CD4PE) |
Affected:
puppetlabs/cd4pe module prior to 1.2.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:01.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://puppet.com/security/cve/CVE-2019-10695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Continuous Delivery for Puppet Enterprise (CD4PE)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "puppetlabs/cd4pe module prior to 1.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user\u2019s username and password were exposed in the job\u2019s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T23:04:57",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://puppet.com/security/cve/CVE-2019-10695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2019-10695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Continuous Delivery for Puppet Enterprise (CD4PE)",
"version": {
"version_data": [
{
"version_value": "puppetlabs/cd4pe module prior to 1.2.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user\u2019s username and password were exposed in the job\u2019s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2019-10695",
"refsource": "MISC",
"url": "https://puppet.com/security/cve/CVE-2019-10695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2019-10695",
"datePublished": "2019-12-11T23:04:57",
"dateReserved": "2019-04-02T00:00:00",
"dateUpdated": "2024-08-04T22:32:01.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27024 (GCVE-0-2021-27024)
Vulnerability from cvelistv5 – Published: 2021-11-18 14:23 – Updated: 2024-08-03 20:40
VLAI?
Summary
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0
Severity ?
No CVSS data available.
CWE
- Invalid Permissions Check
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Puppet Continuous Delivery for Puppet Enterprise (CD4PE) |
Affected:
CD4PE prior to 4.10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://puppet.com/security/cve/cve-2021-27024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Puppet Continuous Delivery for Puppet Enterprise (CD4PE)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "CD4PE prior to 4.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Invalid Permissions Check",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-18T14:23:56",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://puppet.com/security/cve/cve-2021-27024"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2021-27024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Puppet Continuous Delivery for Puppet Enterprise (CD4PE)",
"version": {
"version_data": [
{
"version_value": "CD4PE prior to 4.10.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Invalid Permissions Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/cve-2021-27024",
"refsource": "MISC",
"url": "https://puppet.com/security/cve/cve-2021-27024"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2021-27024",
"datePublished": "2021-11-18T14:23:56",
"dateReserved": "2021-02-09T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7945 (GCVE-0-2020-7945)
Vulnerability from cvelistv5 – Published: 2020-09-18 17:58 – Updated: 2024-08-04 09:48
VLAI?
Summary
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.
Severity ?
No CVSS data available.
CWE
- Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Continuous Delivery for Puppet Enterprise (CD4PE) |
Affected:
Affects CD4PE 4.0.0, resolved in 4.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://puppet.com/security/cve/CVE-2020-7945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Continuous Delivery for Puppet Enterprise (CD4PE)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects CD4PE 4.0.0, resolved in 4.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-18T17:58:51",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://puppet.com/security/cve/CVE-2020-7945"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2020-7945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Continuous Delivery for Puppet Enterprise (CD4PE)",
"version": {
"version_data": [
{
"version_value": "Affects CD4PE 4.0.0, resolved in 4.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2020-7945",
"refsource": "MISC",
"url": "https://puppet.com/security/cve/CVE-2020-7945"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2020-7945",
"datePublished": "2020-09-18T17:58:51",
"dateReserved": "2020-01-23T00:00:00",
"dateUpdated": "2024-08-04T09:48:24.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7944 (GCVE-0-2020-7944)
Vulnerability from cvelistv5 – Published: 2020-03-26 14:16 – Updated: 2024-08-04 09:48
VLAI?
Summary
In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.
Severity ?
No CVSS data available.
CWE
- Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Continuous Delivery for Puppet Enterprise (CD4PE) |
Affected:
CD4PE prior to 3.4.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://puppet.com/security/cve/CVE-2020-7944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Continuous Delivery for Puppet Enterprise (CD4PE)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "CD4PE prior to 3.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T14:16:44",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://puppet.com/security/cve/CVE-2020-7944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2020-7944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Continuous Delivery for Puppet Enterprise (CD4PE)",
"version": {
"version_data": [
{
"version_value": "CD4PE prior to 3.4.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insertion of Sensitive Information into Externally-Accessible File or Directory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2020-7944",
"refsource": "MISC",
"url": "https://puppet.com/security/cve/CVE-2020-7944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2020-7944",
"datePublished": "2020-03-26T14:16:44",
"dateReserved": "2020-01-23T00:00:00",
"dateUpdated": "2024-08-04T09:48:24.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10695 (GCVE-0-2019-10695)
Vulnerability from cvelistv5 – Published: 2019-12-11 23:04 – Updated: 2024-08-04 22:32
VLAI?
Summary
When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module.
Severity ?
No CVSS data available.
CWE
- Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Continuous Delivery for Puppet Enterprise (CD4PE) |
Affected:
puppetlabs/cd4pe module prior to 1.2.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:01.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://puppet.com/security/cve/CVE-2019-10695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Continuous Delivery for Puppet Enterprise (CD4PE)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "puppetlabs/cd4pe module prior to 1.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user\u2019s username and password were exposed in the job\u2019s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T23:04:57",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://puppet.com/security/cve/CVE-2019-10695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2019-10695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Continuous Delivery for Puppet Enterprise (CD4PE)",
"version": {
"version_data": [
{
"version_value": "puppetlabs/cd4pe module prior to 1.2.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user\u2019s username and password were exposed in the job\u2019s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2019-10695",
"refsource": "MISC",
"url": "https://puppet.com/security/cve/CVE-2019-10695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2019-10695",
"datePublished": "2019-12-11T23:04:57",
"dateReserved": "2019-04-02T00:00:00",
"dateUpdated": "2024-08-04T22:32:01.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}