VYPR

Puppet Discovery

by Puppet (software)

CVEs (2)

  • CVE-2018-11746HigJul 3, 2018
    risk 0.56cvss 8.6epss 0.01

    In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.

  • CVE-2018-11747Mar 17, 2019
    risk 0.00cvss epss 0.01

    Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.