CVE-2018-11747 - Puppet Discovery shipped with a default generated TLS certificate
Posted September 27, 2018
Assessed Risk Level: Medium
CVSS 3 Base Score: 4.7
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.
Affected software versions:
- Puppet Discovery prior to 1.4.0
- Puppet Discovery 1.4.0