CVE-2018-11751

EUVD-2018-3770
Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.4 MEDIUM | ADJACENT_NETWORK | LOW | NONE | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
EPSS Score
Percentile: 44%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| puppet | puppet_server | 6.0.0 ≤ x < 6.4.0 |

x = Vulnerable software versions
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| puppet | bullseye | 5.5.22-2 | fixed |
Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| puppet | bionic | not-affected |
| puppet | disco | ignored |
| puppet | eoan | not-affected |
| puppet | trusty | not-affected |
| puppet | xenial | not-affected |