CVE-2022-2394 MEDIUM

CVE-2022-2394: Sensitive Parameter Exposure in Puppet Bolt prior to 3.24

Vendor Puppet
Product Bolt
Weakness CWE-200 · Info exposure
Published July 19, 2022
Last update September 16, 2024

CVSS base score

4.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01 Description

Puppet Bolt prior to version 3.24.0 prints sensitive parameters when planning a run, which can result in them being logged when Bolt is run programmatically, such as via Puppet Enterprise.

Key dates

02 Disclosure timeline

July 19, 2022 CVE published
September 16, 2024 Record updated