
CVE-2020-7943

Published: 11/03/2020 Updated: 24/01/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable the trapperkeeper-metrics /v1 metrics API and only allow /v2 access on localhost by default.

Affected software versions: Puppet Enterprise 2018.1.x stream before 2018.1.13; Puppet Enterprise before 2019.5.0; Puppet Server before 6.9.2; Puppet Server before 5.3.12; PuppetDB before 6.9.1; PuppetDB before 5.2.13.

Resolved in: Puppet Enterprise 2018.1.13; Puppet Enterprise 2019.5.0; Puppet Server 6.9.2; Puppet Server 5.3.12; PuppetDB 6.9.1; PuppetDB 5.2.13.
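The fixed releases above span two maintenance streams per product, so a single "older than the newest fix" comparison would wrongly flag patched backports such as Puppet Server 5.3.12. The following is an added example, not code from Puppet or this page; the product keys, the inventory format and the hosts are constructed, and it assumes each listed release is the first fixed version of its own stream.

```python
import re

# First fixed releases, taken from the version list above.
# "backports" maps a stream prefix to that stream's first fixed release;
# "latest" is the first fixed release for every other version.
# Product keys are hypothetical labels chosen for this example.
FIXES = {
    "puppet-enterprise": {"backports": {(2018, 1): (2018, 1, 13)}, "latest": (2019, 5, 0)},
    "puppetserver": {"backports": {(5,): (5, 3, 12)}, "latest": (6, 9, 2)},
    "puppetdb": {"backports": {(5,): (5, 2, 13)}, "latest": (6, 9, 1)},
}


def parse_version(text):
    """Return (major, minor, patch), ignoring package suffixes such as '-1.el7'."""
    match = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(product, version):
    """True if this version predates the fix that applies to its stream."""
    entry = FIXES[product]
    parsed = parse_version(version)
    for prefix, fixed in entry["backports"].items():
        if parsed[:len(prefix)] == prefix:
            return parsed < fixed      # compare inside the backport stream
    return parsed < entry["latest"]    # everything else needs the newest fix


def triage(inventory):
    """Return the (host, product, version) rows that still need the update."""
    return [row for row in inventory if is_affected(row[1], row[2])]


# Constructed sample inventory (hosts and versions are illustrative only).
SAMPLE_INVENTORY = [
    ("pm01.example.test", "puppetserver", "5.3.12-1.el7"),
    ("pm02.example.test", "puppetserver", "6.9.1"),
    ("db01.example.test", "puppetdb", "5.2.12"),
    ("pe01.example.test", "puppet-enterprise", "2018.1.13"),
    ("pe02.example.test", "puppet-enterprise", "2019.4.0"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} predates the metrics API fix")
```
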

Vulnerable Product

puppet puppet enterprise

puppet puppet server

puppet puppetdb

Vendor Advisories

Synopsis: Important: Satellite 68 release. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Satellite 68 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which giv ...

Github Repositories

A module for managing the installation and configuration of metrics dashboards for Puppet services.

⚠ WARNING ⚠ This Module and Repository has been deprecated and is no longer maintained. For the functional replacement of this module, please see puppet_operational_dashboards.

Puppet module for collecting metrics from PE components
