CVE-2018-11747

Summary

Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.

Affected Software

VendorProductVersion RangeStatus
PuppetPuppet Discoveryall versions prior to 1.4.0affected

Weaknesses

  • Insecure default

ADP Enrichment

CVE Program Container

Additional References

References