Puppet: >> Discovery >> 1.1.0 Security Vulnerabilities
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-03-21
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
CVSS Score
8.6
EPSS Score
0.002
Published
2018-07-03