PT-2019-11997 · Puppet · Puppet Enterprise

Publicado

2019-12-11

Atualizado

2022-01-24

CVE-2019-10694

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Puppet Enterprise versions prior to 2019.0.3 Puppet Enterprise versions prior to 2018.1.9

Description The express install of Puppet Enterprise provides a URL to set the admin password at the end of the installation. However, if this URL is not used, a default password for the admin user is overlooked. This issue was resolved in versions 2019.0.3 and 2018.1.9.

Recommendations For versions prior to 2019.0.3, update to version 2019.0.3 or later to resolve the issue. For versions prior to 2018.1.9, update to version 2018.1.9 or later to resolve the issue. As a temporary workaround, consider changing the default admin password manually until a patch is applied.

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798

Identificadores relacionados

CVE-2019-10694

Produtos afetados

Puppet Enterprise

PT-2019-11997 · Puppet · Puppet Enterprise

CVE-2019-10694

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4