Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-huc8-7hdd-ukam
Summary In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account. This has been fixed in Puppet Enterprise version 2025.6, and release notes for 2025.6 have remediation steps for users of affected versions who can't update to the latest version.
Aliases
0
alias CVE-2025-10360
Fixed_packages
0
url pkg:deb/debian/puppetserver@0?distro=trixie
purl pkg:deb/debian/puppetserver@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie
1
url pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie
3
url pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-10360
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.09714
published_at 2026-04-16T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.09832
published_at 2026-04-13T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.09804
published_at 2026-04-02T12:55:00Z
3
value 0.00034
scoring_system epss
scoring_elements 0.09853
published_at 2026-04-04T12:55:00Z
4
value 0.00034
scoring_system epss
scoring_elements 0.09753
published_at 2026-04-07T12:55:00Z
5
value 0.00034
scoring_system epss
scoring_elements 0.09825
published_at 2026-04-08T12:55:00Z
6
value 0.00034
scoring_system epss
scoring_elements 0.09877
published_at 2026-04-09T12:55:00Z
7
value 0.00034
scoring_system epss
scoring_elements 0.09884
published_at 2026-04-11T12:55:00Z
8
value 0.00034
scoring_system epss
scoring_elements 0.09848
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-10360
1
reference_url https://portal.perforce.com/s/cve/a91PA000001Smp7YAC/insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255
reference_id insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T16:11:54Z/
url https://portal.perforce.com/s/cve/a91PA000001Smp7YAC/insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255
Weaknesses
0
cwe_id 522
name Insufficiently Protected Credentials
description The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Exploits
Severity_range_score 6.9 - 6.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-huc8-7hdd-ukam