CNNVD-202509-3858 Information
CNNVD ID
CNNVD-202509-3858
Related CVE
- CNNVD Published: 2025-09-24
Description (Chinese)
Puppet Enterprise Administration Module(PEADM)是Puppet开源的一个定义 Bolt 计划的 Puppet 模块。用于自动化 Puppet Enterprise 部署。 Puppet Enterprise Administration Module(PEADM) 2025.4.0版本和2025.5版本存在安全漏洞,该漏洞源于Infra Assistant数据库的加密密钥未被排除在Puppet备份文件之外,可能导致AI提供商账户API密钥泄露。
Description (English)
Puppet Enterprise Development Modeule (PEADM) is the Puppet module for a definition of the Bolt Scheme. To automate Puppet Enterprise deployment. There is a security loophole in the Puppet Enterprise Development Modeule (PEADM) versions 2025.4.0 and 2025.5 which originates from the fact that the encryption key of the Infra Assistant database is not excluded from the Puppet backup file and may result in the release of the API key from the AI provider account.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
PWS_Dashboard
Published
2025-09-24
Last Modified
2026-02-24
References
https://portal.perforce.com/s/cve/a91PA000001Smp7YAC/insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255 https://vigilance.fr/vulnerability/Puppet-Labs-Puppet-Enterprise-information-disclosure-via-Encryption-Key-Backup-48300