CVE-2022-2394 - Puppet Bolt

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run, resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.

  • Posted 2022-07-15

  • Assessed Risk Level: Medium

  • CVSS 3.1 Base Score: 4.1

  • https://github.com/puppetlabs/bolt/blob/main/CHANGELOG.md#bolt-3240-2022-06-29

Status:

Affected software versions:

  • Puppet Bolt prior to 3.24.0

Resolved in:

  • Puppet Bolt 3.24.0
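
To find which hosts still run an affected release, the following added example (not part of the advisory or of Bolt itself) triages a list of reported Bolt versions against the fixed version 3.24.0. The "hostname version" inventory format, the host names and the function names are assumptions made for illustration; versions are compared numerically, so 3.9.2 is correctly treated as older than 3.24.0.

```ruby
# Added example: triage reported Bolt versions for CVE-2022-2394 exposure.
# The inventory format and the names below are assumptions of this example.
FIXED_IN = Gem::Version.new('3.24.0') # first fixed release per the advisory

# Classify one reported version string.
# Returns :affected, :fixed, or :unknown (unparseable, needs manual review).
def classify_bolt_version(raw)
  text = raw.to_s.strip
  return :unknown if text.empty? || !Gem::Version.correct?(text)

  # Gem::Version compares segment by segment and sorts pre-releases
  # (e.g. 3.24.0.rc1) before the final release, so they count as affected.
  Gem::Version.new(text) < FIXED_IN ? :affected : :fixed
end

# Group hosts by exposure. Blank lines and '#' comment lines are skipped.
def triage(inventory)
  report = { affected: [], fixed: [], unknown: [] }
  inventory.each_line do |line|
    host, version = line.split(/\s+/, 2)
    next if host.nil? || host.empty? || host.start_with?('#')

    report[classify_bolt_version(version)] << host
  end
  report
end

# Constructed sample inventory, one "hostname version" pair per line.
SAMPLE_INVENTORY = <<~INV
  # host            bolt version
  orchestrator-01 3.23.1
  orchestrator-02 3.24.0
  ci-runner-07 3.9.2
  jump-host-03 unknown
  build-04 3.26.2
INV

if __FILE__ == $PROGRAM_NAME
  triage(SAMPLE_INVENTORY).each do |status, hosts|
    puts format('%-9s %s', status, hosts.join(', '))
  end
end
```

Hosts reported as affected are also the ones whose logs from programmatic runs may contain the printed parameters.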