Vulnerability Details CVE-2018-11747
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
- https://puppet.com/security/cve/CVE-2018-11747
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
- https://puppet.com/security/cve/CVE-2018-11747
Products affected by CVE-2018-11747
-
cpe:2.3:a:puppet:discovery:1.0.0
-
cpe:2.3:a:puppet:discovery:1.0.1
-
cpe:2.3:a:puppet:discovery:1.1.0
-
cpe:2.3:a:puppet:discovery:1.2.0
-
cpe:2.3:a:puppet:discovery:1.3.0