← Retour aux CVEs
CVE-2018-11751
MEDIUM5.4
Description
Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.
Details CVE
Score CVSS v3.15.4
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Vecteur d'attaqueADJACENT_NETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie12/16/2019
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
puppet:puppet_server
Faiblesses (CWE)
CWE-295
References
https://puppet.com/security/cve/CVE-2018-11751(security@puppet.com)
https://puppet.com/security/cve/CVE-2018-11751(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.