Vulnerability in Puppet
CVE-2020-7942
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls ba…
EPSS: 0.001 (29.5th percentile) — read the EPSS interpretation.
Affected products
- Puppet — versions 5.5.x prior to 5.5.19, Fixed in 5.5.19, 6.x prior to 6.13.0
- Puppet Agent — versions 5.5.x prior to 5.5.19, Fixed in 5.5.19, 6.x prior to 6.13.0
References
- puppet.com/security/cve/CVE-2020-7942/ (x_refsource_CONFIRM)