← Retour aux CVEs
CVE-2019-10694
CRITICAL9.8
Description
The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie12/12/2019
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
puppet:puppet_enterprise
Faiblesses (CWE)
CWE-798
References
https://puppet.com/security/cve/CVE-2019-10694(security@puppet.com)
https://puppet.com/security/cve/CVE-2019-10694(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.