Puppet Discovery
Approved changes feed: RSS · Atom
cpe:2.3:a:puppet:puppet_discovery:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Puppet (056a1ba3-12b3-5ecf-a97f-ab3b403c7816) |
|---|---|
| Product | Puppet Discovery (68bff6c3-a0c4-587f-bff5-216bad08ed90) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-11747 |
vulnerable | 2026-06-03 14:38:01.867046 |
Details available
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.
Published: 2019-03-17T19:16:13.000Z
Updated: 2024-08-05T08:17:08.991Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11746 |
vulnerable | 2026-06-03 14:38:01.865615 |
Puppet Discovery can leak authentication information
HIGH (8.6)
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
Published: 2018-07-03T13:00:00.000Z
Updated: 2024-09-16T23:55:51.656Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.