What is CVE-2020-7943?

CVE-2020-7943 is a vulnerability in Puppetdb, classified under Incorrect Default Permissions. Published 2020-03-11.

Is CVE-2020-7943 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Puppetdb

CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which…

EPSS: 0.654 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a Puppetdb — versions prior to 6.9.1, prior to 5.2.13
N/a Puppet Enterprise — versions prior to 2019.5.0
N/a Puppet Enterprise 2018.1.x Stream — versions prior to 2018.1.13
N/a Puppet Server — versions prior to 6.9.2, prior to 5.3.12
N/a Resolved In Puppet Enterprise, Server, Puppetdb — versions Puppet Enterprise 2018.1.13 and 2019.5.0, Puppet Server 6.9.2 and 5.3.12, PuppetDB 6.9.1 and 5.2.13

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

Public proof-of-concept exploits

References

puppet.com/security/cve/CVE-2020-7943/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-7943?: CVE-2020-7943 is a vulnerability in Puppetdb, classified under Incorrect Default Permissions. Published 2020-03-11.
Is CVE-2020-7943 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.