📦

discovery

Vendor: puppet

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 0.24% Exploit Prob.

Latest CVE CVE-2018-11747 Mar 21

Security Vulnerability Index

Page 1 / 1

9.8 CVSS

CVE-2018-11747

Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.

EPSS: 0.26%

Severity: CRITICAL

Mar 21, 2019

8.6 CVSS

CVE-2018-11746

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.

EPSS: 0.22%

Severity: HIGH

Jul 03, 2018

Displaying 2 of 2 Total Entries

Total 1 Sections