Insufficiently Protected Credentials in Puppet Enterprise 2025.4 and 2025.5

In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account. This has been fixed in Puppet Enterprise version 2025.6, and release notes for 2025.6 have remediation steps for users of affected versions who can't update to the latest version.

N/A

不充分的凭证保护机制

Puppet Enterprise Administration Module（PEADM） 安全漏洞

Puppet Enterprise Administration Module（PEADM）是Puppet开源的一个定义 Bolt 计划的 Puppet 模块。用于自动化 Puppet Enterprise 部署。 Puppet Enterprise Administration Module（PEADM） 2025.4.0版本和2025.5版本存在安全漏洞，该漏洞源于Infra Assistant数据库的加密密钥未被排除在Puppet备份文件之外，可能导致AI提供商账户API密钥泄露。

N/A

N/A