{"id":"CVE-2020-7942","details":"Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 and 5.5.19 change the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior. Affected software versions: Puppet 6.x prior to 6.13.0, Puppet Agent 6.x prior to 6.13.0, Puppet 5.5.x prior to 5.5.19, Puppet Agent 5.5.x prior to 5.5.19. Resolved in: Puppet 6.13.0, Puppet Agent 6.13.0, Puppet 5.5.19, Puppet Agent 5.5.19.","aliases":["GHSA-gqvf-892r-vjm5"],"modified":"2026-04-10T04:28:14.472064Z","published":"2020-02-19T21:15:11.747Z","related":["SUSE-SU-2020:1057-1"],"references":[{"type":"ADVISORY","url":"https://puppet.com/security/cve/CVE-2020-7942/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/puppetlabs/puppet","events":[{"introduced":"ceec9d2b6ab716cf90c2f8f4384632ebd1afc338"},{"fixed":"3464ca6e1ef3ff3a5cbdb0f4cf70417286cc1407"},{"introduced":"06ad255754a38f22fb3a22c7c4f1e2ce453d01cb"},{"fixed":"102680c80f24517344763759ea849264efd237cc"},{"introduced":"ceec9d2b6ab716cf90c2f8f4384632ebd1afc338"},{"fixed":"3464ca6e1ef3ff3a5cbdb0f4cf70417286cc1407"},{"introduced":"06ad255754a38f22fb3a22c7c4f1e2ce453d01cb"},{"fixed":"102680c80f24517344763759ea849264efd237cc"}],"database_specific":{"versions":[{"introduced":"5.5.0"},{"fixed":"5.5.19"},{"introduced":"6.0.0"},{"fixed":"6.13.0"},{"introduced":"5.5.0"},{"fixed":"5.5.19"},{"introduced":"6.0.0"},{"fixed":"6.13.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7942.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}