CVE-2020-7944

EUVD-2020-28866
In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
puppetcontinuous_delivery
𝑥
< 3.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://puppet.com/security/cve/CVE-2020-7944
https://puppet.com/security/cve/CVE-2020-7944