Vulnerability in Perforce Puppet Core
CVE-2026-8804
Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the a…
Affected products
- Perforce Puppet Core — versions 8.11.0, 8.0.0, 8.20.0
- Perforce Puppet Enterprise — versions 2023.8.0, 2025.0.0, 2023.8.10