PT-2019-8792 · Puppet+1 · Puppet Discovery+1
Yanshuchong
·
Publicado
2019-03-17
·
Atualizado
2020-12-16
·
CVE-2018-11747
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Puppet Discovery versions prior to 1.4.0
Description
The issue concerns a default generated TLS certificate in the nginx container. Previously, Puppet Discovery was shipped with this default certificate. In version 1.4.0, a unique certificate will be generated on installation, or the user will be able to provide their own TLS certificate for ingress.
Recommendations
For versions prior to 1.4.0, update to version 1.4.0 to generate a unique TLS certificate on installation or provide your own TLS certificate for ingress.
Correção
Improper Certificate Validation
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Puppet Discovery
Nginx