CVE-2018-11746 - Puppet Discovery can leak authentication information
Posted June 28, 2018
Assessed Risk Level: High
CVSS 3 Base Score: 8.6
When running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
Affected software versions:
- Puppet Discovery prior to 1.2.0
- Puppet Discovery 1.2.0