CVE-2020-7943

🗓️ 11 Mar 2020 21:56:41Reported by puppetType

Puppet Server and PuppetDB have security vulnerability CVE-2020-7943 allowing sensitive information exposure via metrics API. Fixed in Puppet Enterprise 2018.1.13, 2019.5.0, Puppet Server 6.9.2, 5.3.12, PuppetDB 6.9.1, 5.2.13

Reporter	Title	Published	Views	Family All 21
FreeBSD	puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API	10 Mar 202000:00	–	freebsd
CNVD	Puppet Server metrics API information disclosure vulnerability	12 Mar 202000:00	–	cnvd
Cvelist	CVE-2020-7943	11 Mar 202021:56	–	cvelist
Debian CVE	CVE-2020-7943	11 Mar 202021:56	–	debiancve
Tenable Nessus	FreeBSD : puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API (36def7ba-6d2b-11ea-b115-643150d3111d)	24 Mar 202000:00	–	nessus
Tenable Nessus	RHEL 7 : Satellite 6.8 (Important) (RHSA-2020:4366)	4 Nov 202000:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2020-7943	27 Aug 202500:00	–	nessus
Nuclei	Puppet Server/PuppetDB - Sensitive Information Disclosure	6 Jun 202603:01	–	nuclei
NVD	CVE-2020-7943	11 Mar 202023:15	–	nvd
OSV	CVE-2020-7943	11 Mar 202023:15	–	osv

NVD

Node

puppet puppet_enterpriseRange2018.1.0–2018.1.15

puppet puppet_enterpriseRange2019.0–2019.7.0

puppet puppet_serverRange<5.3.13

puppet puppet_serverRange6.0.0–6.11.1

puppet puppetdbRange<5.2.15

puppet puppetdbRange6.0.0–6.10.1

[
  {
    "product": "Puppet Enterprise 2018.1.x stream",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 2018.1.13"
      }
    ]
  },
  {
    "product": "Puppet Enterprise",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 2019.5.0"
      }
    ]
  },
  {
    "product": "Puppet Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 6.9.2"
      },
      {
        "status": "affected",
        "version": "prior to 5.3.12"
      }
    ]
  },
  {
    "product": "PuppetDB",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 6.9.1"
      },
      {
        "status": "affected",
        "version": "prior to 5.2.13"
      }
    ]
  },
  {
    "product": "Resolved in Puppet Enterprise, Puppet Server, PuppetDB",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Puppet Enterprise 2018.1.13 and 2019.5.0"
      },
      {
        "status": "affected",
        "version": "Puppet Server 6.9.2 and 5.3.12"
      },
      {
        "status": "affected",
        "version": "PuppetDB 6.9.1 and 5.2.13"
      }
    ]
  }
]

Source	Link
puppet	www.puppet.com/security/cve/CVE-2020-7943/

21 Nov 2024 05:38Current

7.2High risk

Vulners AI Score7.2

CVSS 25

CVSS 3.17.5

EPSS0.65366

CWE-276