CVE-2020-7945

EUVD-2020-28867
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
puppetcontinuous_delivery
4.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://puppet.com/security/cve/CVE-2020-7945
https://puppet.com/security/cve/CVE-2020-7945