4 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-7942
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate...
SUSE CVE-2020-7942
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a...
SUSE-SU-2020:1057-1 Security update for puppet
This update for puppet fixes the following issues: - CVE-2020-7942: Added a warning for a vulnerable configuration option, which could allow for information disclosure in certain setups. Disabling it my break some setups. bsc1167645...
CVE-2020-7942
CVE-2020-7942 concerns Puppet’s certificate-based access model. The issue arises when a node’s catalog can be retrieved for another node by altering facts during a run, potentially exposing information if a certificate is compromised. Affected are Puppet 6.x before 6.13.0, Puppet Agent 6.x before...