Lucene search

Redhat.comRH:CVE-2020-7945

HistorySep 24, 2020 - 11:16 a.m.

CVE-2020-7945

2020-09-2411:16:44

redhat.com

access.redhat.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

12.8%

JSON

A flaw was found in Puppet. Local registry credentials were included directly in the CD4PE deployment definition, which exposes these credentials to users who should not have access to them. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

References

bugzilla.redhat.com/show_bug.cgi?id=1882352

nvd.nist.gov/vuln/detail/CVE-2020-7945

www.cve.org/CVERecord?id=CVE-2020-7945

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for RH:CVE-2020-7945