2 matches found
CVE-2018-11746
CVE-2018-11746 affects Puppet Discovery prior to 1.2.0. When running against Windows, WinRM connections can fall back to basic auth over insecure channels if a HTTPS server is unavailable, exposing login credentials used by Puppet Discovery. The issue is specific to that context; upgrading to ver...
CVE-2018-11747
CVE-2018-11747 concerns Puppet Discovery where the nginx container shipped with a default generated TLS certificate. The root cause is the presence of a default certificate in the container prior to the fixed implementation. The documented remediation is that in version 1.4.0 a unique certificate...