CVE-2020-7944 - OpenCVE

In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Puppet	Continuous Delivery

Configuration 1 [-]

cpe:2.3:a:puppet:continuous_delivery:*:*:*:*:*:puppet_enterprise:*:*

References

Link	Resource
https://puppet.com/security/cve/CVE-2020-7944	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: puppet

Published: 2020-03-26T14:16:44

Updated: 2020-03-26T14:16:44

Reserved: 2020-01-23T00:00:00

Link: CVE-2020-7944

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-03-26T15:15:25.147

Modified: 2020-04-01T18:30:08.013

Link: CVE-2020-7944

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:continuous_delivery:*:*:*:*:*:puppet_enterprise:*:*", "matchCriteriaId": "54D2F691-341C-443C-A703-2EA1D22A8C05", "versionEndExcluding": "3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report."}, {"lang": "es", "value": "En Continuous Delivery for Puppet Enterprise (CD4PE) versiones anteriores a 3.4.0, los cambios en los recursos o clases que contienen par\u00e1metros Confidenciales pueden dar como resultado que los par\u00e1metros Confidenciales terminen en el reporte de an\u00e1lisis del impacto."}], "id": "CVE-2020-7944", "lastModified": "2020-04-01T18:30:08.013", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-26T15:15:25.147", "references": [{"source": "security@puppet.com", "tags": ["Vendor Advisory"], "url": "https://puppet.com/security/cve/CVE-2020-7944"}], "sourceIdentifier": "security@puppet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}