CVE-2020-7945
MEDIUMContinuous Delivery for Puppet Enterprise - Insufficiently Protected Credentials in Deployment Definition
Title source: llmDescription
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://puppet.com/security/cve/CVE-2020-7945
Scores
CVSS v3
5.5
EPSS
0.0031
EPSS Percentile
22.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (1)
puppet/continuous_delivery
4.0.0
Published
Sep 18, 2020
Tracked Since
Feb 18, 2026