CVE-2022-2394

Опубликовано: 19 июл. 2022

Источник: nvd

CVSS3: 4.1

CVSS3: 3.5

EPSS Низкий

Описание

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.

Ссылки

https://puppet.com/security/cve/CVE-2022-2394
Release Notes
Vendor Advisory
https://puppet.com/security/cve/CVE-2022-2394
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:perforce:puppet_bolt:*:*:*:*:*:*:*:*

Версия до 3.24.0 (исключая)

EPSS

Процентиль: 48%

0.00253

Низкий

4.1 Medium

CVSS3

3.5 Low

CVSS3

Дефекты

CWE-200

CWE-532

Связанные уязвимости

GHSA-prvj-qfjv-3x3f

CVSS3: 3.5

github

больше 3 лет назад

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.

EPSS

Процентиль: 48%

0.00253

Низкий

4.1 Medium

CVSS3

3.5 Low

CVSS3

Дефекты

CWE-200

CWE-532