Overview

CVE-2018-11747 - Puppet Discovery shipped with a default generated TLS certificate

  • Posted September 27, 2018

  • Assessed Risk Level: High

  • CVSS 3 Base Score: 4.7

Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. Now generates a certificate in the CLI and provides it to the user after installation is complete OR allows a user to specify their own TLS certificate for ingress

Status:

Affected software versions:

  • Puppet Discovery prior to 1.4.0

Resolved in:

  • Puppet Discovery 1.4.0