Vulnerabilities (CVE)

Filtered by vendor Puppet Subscribe
Filtered by product Discovery
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11747 1 Puppet 1 Discovery 2024-02-28 7.5 HIGH 9.8 CRITICAL
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.
CVE-2018-11746 1 Puppet 1 Discovery 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.