CVE-2019-10694

{"id": "CVE-2019-10694", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-12-12T00:15:11.033", "references": [{"url": "https://puppet.com/security/cve/CVE-2019-10694", "tags": ["Vendor Advisory"], "source": "security@puppet.com"}, {"url": "https://puppet.com/security/cve/CVE-2019-10694", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9."}, {"lang": "es", "value": "La instalaci\u00f3n r\u00e1pida, que es la forma sugerida de instalar Puppet Enterprise, le entrega al usuario una URL al final de la instalaci\u00f3n para establecer la contrase\u00f1a de administrador. Si no usan esa URL, existe una contrase\u00f1a predeterminada obviada por el usuario administrador. Esto se resolvi\u00f3 en Puppet Enterprise versiones 2019.0.3 y 2018.1.9."}], "lastModified": "2024-11-21T04:19:45.973", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8E55A61-7597-47E8-8091-D0159F896526", "versionEndExcluding": "2018.1.9", "versionStartIncluding": "2018.1.0"}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A3BE002-D1AA-4193-ACCE-4A381F24894A", "versionEndExcluding": "2019.0.3", "versionStartIncluding": "2019.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@puppet.com"}