Puppet Continuous Delivery — known CVE vulnerabilities
Every CVE whose affected-product data names Puppet Continuous Delivery, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2021-27024 — CVSS 8.1 (high): A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to…
CVE-2020-7944 — CVSS 7.7 (high): In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can…
CVE-2019-10695 — CVSS 6.5 (medium): When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and…
CVE-2020-7945 — CVSS 5.5 (medium): Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who…