Описание
The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2018.1.0 (включая) до 2018.1.9 (исключая)Версия от 2019.0 (включая) до 2019.0.3 (исключая)
Одно из
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.0042
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-798
Связанные уязвимости
github
больше 3 лет назад
The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9.
EPSS
Процентиль: 61%
0.0042
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-798