VYPR

resource_api

by Puppet (software)

CVEs (1)

  • CVE-2026-8804Jul 4, 2026
    risk 0.00cvss epss

    Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the agent's local transaction state cache.…