Headline

CVE-2022-2394: CVE-2022-2394 - Puppet Bolt

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.

2 years ago

CVE

Open in Source

#web #windows #google #amazon #git #vmware #aws

Forge
Documentation
Get Support
Education
Events
Shop

BlogContact Sales

Try Puppet

Why Puppet
Products
Services
Open Source
Resources
Partners
About Puppet by Perforce
Why Puppet
Products
Services
Open Source
Resources
Partners
About Puppet by Perforce
Forge
Documentation
Get Support
Education
Events
Shop

Search Puppet.com

Puppet is the industry standard for IT automation.

Modernize, manage and bring your hybrid infrastructure into compliance through Puppet’s powerful continuous automation.

Why Puppet
Try Puppet

Guidebook

What is Configuration Management
What is IT Compliance
What is IT Automation

Use Cases

Application delivery & operations
Continuous configuration automation
Continuous compliance
Continuous delivery
Patch management
Puppet for government
Operations tasks & orchestration
Windows infrastructure automation

Get Puppet Enterprise

First 10 nodes are free!

Try it now
Request a demo

Products

Puppet Enterprise
Continuous Delivery for Puppet Enterprise
Puppet Comply
Puppet Relay

Pricing & Packaging

Pricing
Support services plans
Professional services

Integrations

Amazon Web Services
Google Cloud Platform
Hashicorp
PowerShell DSC
Windows Azure
ServiceNow
Splunk
VMware
All integrations

Puppet Education

Puppet Education is your learning portal for tools and best practices to address common business challenges.

Puppet Education

Professional services

Start automating
Accelerate delivery
Integrate your toolchain
Harden infrastructure
Partner for success
Scale DevOps
All professional services

Support

Puppet support
Technical support packages
Technical account management

Custom consulting services

Get up and running quickly with a custom solution that addresses your unique business goals and easily allows for growth as your needs evolve.

Learn more

Puppet Forge

Find thousands of component modules built by the community and guidance on using them in your own infrastructure.

Visit Puppet Forge

Ecosystem

Puppet developer experience
Trusted contributors
GitHub
Vox Pupuli

Open Source Projects

Open source Puppet
Bolt
All open source projects
Compare our enterprise products

Community

Community
Puppet Champions
Puppet Test Pilots
Community calendar
Community Slack
Pulling the Strings Podcast
Puppet and Perforce Community FAQ

Contribute

Contribute written content
Contribute to open source projects
Puppet Idea Portal

State of DevOps Report

Since launching our first DevOps survey in 2012, we’ve learned a lot about the power of DevOps to transform organizations.

State of DevOps retrospective
Scaling DevOps
Get the 2021 State of DevOps Report

Product Documentation

Puppet Enterprise
Continuous Delivery for Puppet Enterprise
Puppet Comply
Puppet Remediate
All documentation

Resource library

Blog
Ebooks
Reports
Solution briefs
Videos
Webinars
White papers

Customers

Our customers
Customer videos
Customer stories

Partners

Technology partners
Channel partners
Solution providers
Become a partner
Partner Portal login

Featured Partners

About Us

Puppet automates your infrastructure so you can innovate. We find, fix, and predict in order to prevent surprises and maintain your desired state.

Puppet by Perforce

Mission
Leadership
Diversity, equity & inclusion
Contact us

Working at Puppet by Perforce

Careers
Open positions

Press & news

Press room
Press releases
News mentions

Events

It’s our community that makes Puppet great. Connect with Puppet users and employees.

Watch On Demand: Puppetize Digital 2021
All events
Posted 2022-07-15
Assessed Risk Level: Medium
CVSS 3.1 Base Score: 4.1

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.