puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL
A flaw was found in Puppet, where the Puppet Agent did not verify the peer in the SSL connection before downloading to the Certificate Revocation List CRL. The primary risk is the availability of communications to computing systems and not Puppet itself. This flaw allows an attacker to submit a...