Search criteria
4 vulnerabilities found for Puppet Discovery by Puppet
CVE-2018-11747 (GCVE-0-2018-11747)
Vulnerability from nvd – Published: 2019-03-17 19:16 – Updated: 2024-08-05 08:17
VLAI
Summary
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.
Severity
No CVSS data available.
CWE
- Insecure default
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://puppet.com/security/cve/CVE-2018-11747 | x_refsource_CONFIRM |
| https://lists.apache.org/thread.html/rd0e44e8ef71… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Puppet | Puppet Discovery |
Affected:
all versions prior to 1.4.0
|
Date Public
2019-03-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:08.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/CVE-2018-11747"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Puppet Discovery",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "all versions prior to 1.4.0"
}
]
}
],
"datePublic": "2019-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure default",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-16T05:06:19.000Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/CVE-2018-11747"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2018-11747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Puppet Discovery",
"version": {
"version_data": [
{
"version_value": "all versions prior to 1.4.0"
}
]
}
}
]
},
"vendor_name": "Puppet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure default"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2018-11747",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/CVE-2018-11747"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2018-11747",
"datePublished": "2019-03-17T19:16:13.000Z",
"dateReserved": "2018-06-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:17:08.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11746 (GCVE-0-2018-11746)
Vulnerability from nvd – Published: 2018-07-03 13:00 – Updated: 2024-09-16 23:55
VLAI
Title
Puppet Discovery can leak authentication information
Summary
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
Severity
8.6 (High)
CWE
- Insufficiently Protected Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://puppet.com/security/cve/CVE-2018-11746 | x_refsource_CONFIRM |
| https://lists.apache.org/thread.html/rd0e44e8ef71… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Puppet | Puppet Discovery |
Affected:
unspecified , < 1.2.0
(custom)
|
Date Public
2018-07-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:09.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/CVE-2018-11746"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Puppet Discovery",
"vendor": "Puppet",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-16T05:06:18.000Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/CVE-2018-11746"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Puppet Discovery can leak authentication information",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"DATE_PUBLIC": "2018-07-02T22:00:00.000Z",
"ID": "CVE-2018-11746",
"STATE": "PUBLIC",
"TITLE": "Puppet Discovery can leak authentication information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Puppet Discovery",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Puppet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2018-11746",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/CVE-2018-11746"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2018-11746",
"datePublished": "2018-07-03T13:00:00.000Z",
"dateReserved": "2018-06-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:55:51.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11747 (GCVE-0-2018-11747)
Vulnerability from cvelistv5 – Published: 2019-03-17 19:16 – Updated: 2024-08-05 08:17
VLAI
Summary
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.
Severity
No CVSS data available.
CWE
- Insecure default
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://puppet.com/security/cve/CVE-2018-11747 | x_refsource_CONFIRM |
| https://lists.apache.org/thread.html/rd0e44e8ef71… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Puppet | Puppet Discovery |
Affected:
all versions prior to 1.4.0
|
Date Public
2019-03-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:08.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/CVE-2018-11747"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Puppet Discovery",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "all versions prior to 1.4.0"
}
]
}
],
"datePublic": "2019-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure default",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-16T05:06:19.000Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/CVE-2018-11747"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2018-11747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Puppet Discovery",
"version": {
"version_data": [
{
"version_value": "all versions prior to 1.4.0"
}
]
}
}
]
},
"vendor_name": "Puppet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure default"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2018-11747",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/CVE-2018-11747"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2018-11747",
"datePublished": "2019-03-17T19:16:13.000Z",
"dateReserved": "2018-06-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:17:08.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11746 (GCVE-0-2018-11746)
Vulnerability from cvelistv5 – Published: 2018-07-03 13:00 – Updated: 2024-09-16 23:55
VLAI
Title
Puppet Discovery can leak authentication information
Summary
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
Severity
8.6 (High)
CWE
- Insufficiently Protected Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://puppet.com/security/cve/CVE-2018-11746 | x_refsource_CONFIRM |
| https://lists.apache.org/thread.html/rd0e44e8ef71… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Puppet | Puppet Discovery |
Affected:
unspecified , < 1.2.0
(custom)
|
Date Public
2018-07-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:09.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/CVE-2018-11746"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Puppet Discovery",
"vendor": "Puppet",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-16T05:06:18.000Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/CVE-2018-11746"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Puppet Discovery can leak authentication information",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"DATE_PUBLIC": "2018-07-02T22:00:00.000Z",
"ID": "CVE-2018-11746",
"STATE": "PUBLIC",
"TITLE": "Puppet Discovery can leak authentication information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Puppet Discovery",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Puppet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2018-11746",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/CVE-2018-11746"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2018-11746",
"datePublished": "2018-07-03T13:00:00.000Z",
"dateReserved": "2018-06-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:55:51.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}