CVE-2019-10694
N/A
N/A
Summary
The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Puppet Enterprise | Puppet Enterprise 2019.x prior to 2019.0.3, Puppet Enterprise 2018.x prior to 2018.1.9 | affected |
Weaknesses
- Credentials Management
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.