CVE-2018-11751

Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
puppetCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
puppetpuppet_server
6.0.0 ≤
𝑥
< 6.4.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
puppet
bullseye
5.5.22-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
puppet
eoan
not-affected
disco
ignored
bionic
not-affected
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://puppet.com/security/cve/CVE-2018-11751
https://puppet.com/security/cve/CVE-2018-11751