CVE-2020-7945

MEDIUM

CD4PE <4.0.1 - Info Disclosure

Title source: llm

Description

Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.

References (1)

[Vendor Advisory] https://puppet.com/security/cve/CVE-2020-7945

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 15.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

puppet/continuous_delivery

Timeline

Published Sep 18, 2020

Tracked Since Feb 18, 2026