CVE-2018-11751

Summary

Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

Affected Software

VendorProductVersion RangeStatus
n/aPuppet Agent, PuppetPuppet Agent 6.x prior to 6.4.0, Puppet 6.x prior to 6.4.xaffected

Weaknesses

  • Improper Certificate Validation

ADP Enrichment

CVE Program Container

Additional References

References