Vulnerability Name: CVE-2020-7943 (CCN-177745)

Assigned: 2020-03-10
Published: 2020-03-10
Updated: 2022-01-24
Summary: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable the trapperkeeper-metrics /v1 metrics API and only allow /v2 access on localhost by default.

This affects software versions:
  • Puppet Enterprise 2018.1.x stream prior to 2018.1.13
  • Puppet Enterprise prior to 2019.5.0
  • Puppet Server prior to 6.9.2
  • Puppet Server prior to 5.3.12
  • PuppetDB prior to 6.9.1
  • PuppetDB prior to 5.2.13

Resolved in:
  • Puppet Enterprise 2018.1.13
  • Puppet Enterprise 2019.5.0
  • Puppet Server 6.9.2
  • Puppet Server 5.3.12
  • PuppetDB 6.9.1
  • PuppetDB 5.2.13
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2020-7943

Source: XF
Type: UNKNOWN
puppet-cve20207943-info-disc(177745)

Source: CCN
Type: Puppet Web site
CVE-2020-7943 - Puppet Server and PuppetDB may leak sensitive information via metrics API

Source: CONFIRM
Type: Vendor Advisory
https://puppet.com/security/cve/CVE-2020-7943/

Vulnerable Configuration: Configuration 1:
  • cpe:/a:puppet:puppet_enterprise:*:*:*:*:*:*:*:* (Version >= 2018.1.0 and < 2018.1.15)
  • OR cpe:/a:puppet:puppet_enterprise:*:*:*:*:*:*:*:* (Version >= 2019.0 and < 2019.7.0)
  • OR cpe:/a:puppet:puppet_server:*:*:*:*:*:*:*:* (Version < 5.3.13)
  • OR cpe:/a:puppet:puppet_server:*:*:*:*:*:*:*:* (Version >= 6.0.0 and < 6.11.1)
  • OR cpe:/a:puppet:puppetdb:*:*:*:*:*:*:*:* (Version < 5.2.15)
  • OR cpe:/a:puppet:puppetdb:*:*:*:*:*:*:*:* (Version >= 6.0.0 and < 6.10.1)

* Denotes that component is vulnerable

Oval Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:com.ubuntu.bionic:def:202079430000000 | V | CVE-2020-7943 on Ubuntu 18.04 LTS (bionic) - medium. | 2020-03-11 |
| oval:com.ubuntu.xenial:def:202079430000000 | V | CVE-2020-7943 on Ubuntu 16.04 LTS (xenial) - medium. | 2020-03-11 |