CVE-2018-11746

Summary

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.

Affected Software

VendorProductVersion RangeStatus
PuppetPuppet Discoveryunspecified < 1.2.0affected

Weaknesses

  • Insufficiently Protected Credentials

ADP Enrichment

CVE Program Container

Additional References

References