Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.
References
Link | Resource |
---|---|
https://puppet.com/security/cve/CVE-2020-7945 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: puppet
Published: 2020-09-18T17:58:51
Updated: 2020-09-18T17:58:51
Reserved: 2020-01-23T00:00:00
Link: CVE-2020-7945
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-18T18:15:20.287
Modified: 2020-09-30T19:49:52.973
Link: CVE-2020-7945
JSON object: View
Redhat Information
No data.
CWE