CVE-2020-7943 PoC — Puppet和PuppetDB 信息泄露漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-7943.yaml

Associated Vulnerability

Title:Puppet和PuppetDB 信息泄露漏洞 (CVE-2020-7943)
Description:Puppet和Puppet Server都是美国Puppet（Puppet）实验室的产品。Puppet是一套基于客户端/服务器（C/S）架构的配置管理工具，它可用于管理配置文件、用户、cron任务、软件包、系统服务等。Puppet Enterprise是Puppet的企业版。PuppetDB是Puppet的下一代开源存储服务，它可用于管理所有平台生成的数据存储和检索。Puppet Server是一款用于将配置从主服务器推送到其他服务器的软件。 Puppet Enterprise、Puppet Server

Description

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left exposed.

File Snapshot


 id: CVE-2020-7943

info:
  name: Puppet Server/PuppetDB - Sensitive Information Disclosure
  author:

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!