Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2020-7943 — Incorrect Default Permissions in Enterprise
Severity
7.5HIGHNVD
EPSS
65.4%
top 1.51%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedMar 11
Latest updateMay 24
Description
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metric…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages7 packages
🔴Vulnerability Details
3GHSA▶
GHSA-xv72-7w5r-cqjw: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints↗2022-05-24
CVEList▶
CVE-2020-7943: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints↗2020-03-11
OSV▶
CVE-2020-7943: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints↗2020-03-11
💥Exploits & PoCs
1Nuclei▶
Puppet Server/PuppetDB - Sensitive Information Disclosure
📋Vendor Advisories
2💬Community
1Bugzilla▶
CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API↗2020-04-27