Overview

CVE-2018-11748 - Puppet Device Manager Module file permission issue

  • Posted October 2, 2018

  • Assessed Risk Level: Medium

  • CVSS 3 Base Score: 6.5

Previous releases of the Puppet device_manager module creates configuration files containing credentials that are world readable. This issue has been resolved as of device_manager 2.7.0.

Status:

Affected software versions:

  • device_manager prior to 2.7.0

Resolved in:

  • device_manager 2.7.0