CVE-2018-11751

medium

Description

Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

References

https://puppet.com/security/cve/CVE-2018-11751

Details

Source: Mitre, NVD

Published: 2019-12-16

Updated: 2020-04-07

Risk Information

CVSS v2

Base Score: 4.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L