EUVD-2020-28867

Malware in sbrugna...

CVE-2021-27024

A flaw was discovered in Continuous Delivery for Puppet Enterprise CD4PE that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0...

CVE-2021-27024

CVE-2021-27024 affects Puppet’s Continuous Delivery for Puppet Enterprise (CD4PE). A flaw allows a user with lower privileges to access a Puppet Enterprise API token. The issue is mitigated by CD4PE version 4.10.0. The available sources describe the vulnerability and its fix but do not provide ex...

CVE-2020-7945

Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1...

Design/Logic Flaw

Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1...

CVE-2020-7945

Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1...

CVE-2020-7945

CVE-2020-7945 concerns Puppet’s Continuous Delivery for Puppet Enterprise (CD4PE). The connected Red Hat/CVE and NVD entries confirm that local registry credentials were embedded directly in the CD4PE deployment definition, exposing credentials to users who should not have access. The Red Hat des...

CVE-2020-7944

CVE-2020-7944 affects Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0. The issue arises when changes to resources or classes containing Sensitive parameters cause those parameters to appear in the impact analysis report. The Red Hat entry confirms the same description. No explicit ...

CVE-2019-10695

When using the cd4pe::rootconfiguration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module...

CVE-2019-10695

When using the cd4pe::rootconfiguration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module...

Design/Logic Flaw

When using the cd4pe::rootconfiguration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module...

CVE-2019-10695

When using the cd4pe::rootconfiguration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module...

CVE-2019-10695

Affected product: puppetlabs/cd4pe module (CD4PE) in Puppet Enterprise. Vulnerable component: cd4pe::root_configuration task exposes the root user’s username and password in the PE console’s Job Details pane. Root cause / impact: data exposure; no additional exploit details are provided. Remediat...

PT-2019-11998 · Puppet · Cd4Pe

Name of the Vulnerable Software and Affected Versions: puppetlabs/cd4pe module versions prior to 1.2.1 Description: The root user’s username and password were exposed in the job’s Job Details pane in the PE console when using the cd4pe::root configuration task to configure a Continuous Delivery f...

Unspecified Vulnerability in Puppet

Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs, which can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Enterprise is the enterprise version of Puppet. A security vulnerability exists in...