CVE-2019-10695

Affected product: puppetlabs/cd4pe module (CD4PE) in Puppet Enterprise. Vulnerable component: cd4pe::root_configuration task exposes the root user’s username and password in the PE console’s Job Details pane. Root cause / impact: data exposure; no additional exploit details are provided. Remediat...

CVE-2020-7944

CVE-2020-7944 affects Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0. The issue arises when changes to resources or classes containing Sensitive parameters cause those parameters to appear in the impact analysis report. The Red Hat entry confirms the same description. No explicit ...

CVE-2020-7945

CVE-2020-7945 concerns Puppet’s Continuous Delivery for Puppet Enterprise (CD4PE). The connected Red Hat/CVE and NVD entries confirm that local registry credentials were embedded directly in the CD4PE deployment definition, exposing credentials to users who should not have access. The Red Hat des...

CVE-2021-27024

CVE-2021-27024 affects Puppet’s Continuous Delivery for Puppet Enterprise (CD4PE). A flaw allows a user with lower privileges to access a Puppet Enterprise API token. The issue is mitigated by CD4PE version 4.10.0. The available sources describe the vulnerability and its fix but do not provide ex...