EPSS
Percentile
95.0%
puppet is vulnerable to information disclosure. The vulnerability exists due to leak sensitive information via metrics API which allows an attacker to access on localhost by default.
access.redhat.com/errata/RHSA-2020:4366
access.redhat.com/security/updates/classification/#important
puppet.com/security/cve/CVE-2020-7943/