Overview

CVE-2018-11747 - Puppet Discovery shipped with a default generated TLS certificate

  • Posted September 27, 2018

  • Assessed Risk Level: Medium

  • CVSS 3 Base Score: 4.7

Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.

Status:

Affected software versions:

  • Puppet Discovery prior to 1.4.0

Resolved in:

  • Puppet Discovery 1.4.0