VYPR
High severity8.6NVD Advisory· Published Jul 3, 2018· Updated Jun 17, 2026

CVE-2018-11746

CVE-2018-11746

Description

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.