Continuous Delivery@* Security Vulnerabilities and Issues — Continuous Delivery@* CVE List

PuppetContinuous Delivery*

3 matches found

CVE•added 2019/12/11 11:4 p.m.•124 views

CVE-2019-10695

Affected product: puppetlabs/cd4pe module (CD4PE) in Puppet Enterprise. Vulnerable component: cd4pe::root_configuration task exposes the root user’s username and password in the PE console’s Job Details pane. Root cause / impact: data exposure; no additional exploit details are provided. Remediat...

6.5CVSS6.7AI score0.00877EPSS

CVE•added 2020/03/26 2:16 p.m.•59 views

CVE-2020-7944

CVE-2020-7944 affects Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0. The issue arises when changes to resources or classes containing Sensitive parameters cause those parameters to appear in the impact analysis report. The Red Hat entry confirms the same description. No explicit ...

7.7CVSS7.5AI score0.00859EPSS

CVE•added 2021/11/18 2:23 p.m.•45 views

CVE-2021-27024

CVE-2021-27024 affects Puppet’s Continuous Delivery for Puppet Enterprise (CD4PE). A flaw allows a user with lower privileges to access a Puppet Enterprise API token. The issue is mitigated by CD4PE version 4.10.0. The available sources describe the vulnerability and its fix but do not provide ex...

8.1CVSS7.7AI score0.00792EPSS