Description
In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://puppet.com/security/cve/CVE-2020-7944
Scores
CVSS v3
7.7
EPSS
0.0086
EPSS Percentile
53.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
puppet/continuous_delivery
< 3.4.0
Published
Mar 26, 2020
Tracked Since
Feb 18, 2026