CVE-2018-11751
published 2019-12-16CVE-2018-11751: Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.
medium5.4CVSS 3.1
AVAACLPRNUINSUCNILAL
Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet | — | — |
| puppet | puppet_server | >= 6.0.0 < 6.4.0 | 6.4.0 |