漏洞概述 CVE编号: CVE-2026-8804 漏洞名称: Cleartext Storage of Sensitive Information for Puppet Resource API 描述: Puppet resource_api 在 Puppet Core 8.x 和 Puppet Enterprise 2023.8 和 2025.x 中未保留敏感标志,导致参数(如密码)以明文形式存储在代理的本地事务状态缓存中。 影响范围 受影响的软件版本: - puppet-resource_api gem 版本 1.5.0 - 1.9.1 和 2.0.0 - Puppet Core 8.1.10 - 8.19.0 和 Puppet Core (Open Source) 8.0.0 - 8.10.0 - PE 2023.8.0 - 2023.8.9 和 PE 2025.0.0 - 2025.10.0 修复方案 已修复的版本: - puppet-resource_api gem 版本 1.9.2 和 2.0.1 - Puppet Core 8.20.0 - PE 2023.8.10 和 PE 2025.11.0 其他信息 CVSS 评分: 6.7 CVSS 基础分数: 6.7 报告日期: 5/12/2026 解决日期: 6/26/2026 CVSS 链接: https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VH:H/VI:N/VA:N/SC:N/SI:N/SA:L 页面底部信息 Still need help? We're here. Tell us what you need and we'll try to help. Log a case 页脚信息 Copyright © 2025 Perforce. All rights reserved. Terms of Use - Privacy Policy Perforce and other identified trademarks are the property of Perforce Software, Inc., or one of its affiliates. Such trademarks are claimed and/or registered in the U.S. and other countries and regions. All third-party trademarks are the property of their respective holders. References to third-party trademarks do not imply endorsement or sponsorship of any products or services by the trademark holder. Contact Perforce Software, Inc., for further details.