2 matches found
CVE-2020-7943
CVE-2020-7943 affects Puppet Server and PuppetDB, where the metrics API endpoints may disclose sensitive information. The issue stems from exposed metrics data (for PuppetDB: hostnames; for Puppet Server: resource names, titles, function names, and class names) when these endpoints were accessibl...
CVE-2019-10694
CVE-2019-10694 affects Puppet Enterprise where the Express install could leave an overlooked default password for the admin user if the user did not use the URL provided to set the password. The issue is resolved in Puppet Enterprise 2019.0.3 and in 2018.1.9. The public descriptions consistently ...