CVE-2018-11751 - Puppet Agent does not properly verify SSL connection when downloading a CRL

  • Posted December 12, 2019

  • Assessed Risk Level: Low

  • CVSS 3 Base Score: 3.7

Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

Status:

Affected software versions:

  • Puppet 6.x prior to 6.4.0
  • Puppet Agent 6.x prior to 6.4.0

Resolved in:

  • Puppet 6.4.0
  • Puppet Agent 6.x prior to 6.4.0
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.