Описание
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.0 (исключая)
cpe:2.3:a:puppet:discovery:*:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00217
Низкий
8.6 High
CVSS3
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-522
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
EPSS
Процентиль: 44%
0.00217
Низкий
8.6 High
CVSS3
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-522