CVSS 3 Base Score:
4.4

Posted On:

Assessed Risk Level:
Medium

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).

Status:

Affected software versions:

- Puppet Enterprise prior to 2019.8.8

Resolved in:

- Puppet Enterprise 2019.8.8 - Puppet Enterprise 2021.3.0