CVE-2018-11751

MEDIUM

Puppet Server 6.0.0-6.3.9 - Improper Certificate Validation

Title source: llm
STIX 2.1

Description

Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://puppet.com/security/cve/CVE-2018-11751

Scores

CVSS v3 5.4
EPSS 0.0061
EPSS Percentile 44.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Details

CWE
CWE-295
Status published
Products (1)
puppet/puppet_server 6.0.0 - 6.4.0
Published Dec 16, 2019
Tracked Since Feb 18, 2026