CVE-2022-2394

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.
References
Link Resource
https://puppet.com/security/cve/CVE-2022-2394 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:perforce:puppet_bolt:*:*:*:*:*:*:*:*

History

30 Jun 2023, 18:54

Type Values Removed Values Added
CWE CWE-200 CWE-532

Information

Published : 2022-07-19 18:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-2394

Mitre link : CVE-2022-2394

CVE.ORG link : CVE-2022-2394


JSON object : View

Products Affected

perforce

  • puppet_bolt
CWE
CWE-532

Insertion of Sensitive Information into Log File

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor