CVSS 3 Base Score: Posted On: July 23, 2020Assessed Risk Level: CriticalIn June 2020, jackson-databind published security updates addressing several CVEs. Previous releases of PuppetDB and Puppet Enterprise contain a vulnerable version of jackson.core:jackson-databind. PuppetDB 5.2.18, Puppet Enterprise 2018.1.16, and Puppet Enterprise 2019.8.1 contain an updated version of jackson-databind that has patched the vulnerabilities.For more information about these vulnerabilities, refer to the following links:CVE-2020-9548CVE-2020-14062CVE-2020-14060CVE-2020-14061CVE-2020-14195Status:Affected software versions:PuppetDB versions prior to 5.2.18Puppet Enterprise versions prior to 2018.1.16Puppet Enterprise versions prior to 2019.8.1Resolved in:PuppetDB 5.2.18Puppet Enterprise 2018.1.16Puppet Enterprise 2019.8.1← Back to CVE Listings
