High severity7.8NVD Advisory· Published Oct 2, 2018· Updated Jun 17, 2026

CVE-2018-11748

Description

Previous releases of the Puppet device_manager module creates configuration files containing credentials that are world readable. This issue has been resolved as of device_manager 2.7.0.

Affected products

Puppet (software)/Puppetlabs Device Managerinferred
Range: <2.7.0
Puppet (software)/device_manager modulellm-create
Range: <2.7.0

Patches

Vulnerability mechanics

References

puppet.com/security/cve/CVE-2018-11748nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000