Bug 1882352 (CVE-2020-7945)
| Summary: | CVE-2020-7945 puppet: local registry credentials included in CD4PE deployment definition leads to expose credentials to users who should not have access | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bkearney, brandfbb, dbecker, jjoyce, jschluet, lhh, lpeer, lutter, mburns, mmagr, sclewis, slinaber, s, terje.rosten |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in Puppet. Local registry credentials were included directly in the CD4PE deployment definition, which exposes these credentials to users who should not have access to them. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-10-15 14:21:14 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1882353, 1882354 | ||
| Bug Blocks: | 1882355 | ||
|
Description
Dhananjay Arunesh
2020-09-24 11:03:21 UTC
Created puppet tracking bugs for this issue: Affects: epel-all [bug 1882354] Affects: fedora-all [bug 1882353] This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-7945 |