CVE-2018-11751

Published: 12 Dec 2019
Source: redhat
CVSS3: 3.7
EPSS: Low

Description

Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

A flaw was found in Puppet, where the Puppet Agent did not verify the peer in the SSL connection before downloading the Certificate Revocation List (CRL). The primary risk is to the availability of communications to computing systems, not to Puppet itself. This flaw allows an attacker to submit a phony CRL, potentially denying future automation of systems driven by Puppet.

Report

Red Hat Update Infrastructure 3 is in the Maintenance Support phase, and the product is only fixing Critical or Important impact flaws. Please refer to the lifecycle page for more details: https://access.redhat.com/support/policy/updates/rhui

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenStack Platform 10 (Newton) | puppet | Out of support scope | | |
| Red Hat OpenStack Platform 13 (Queens) | puppet | Not affected | | |
| Red Hat OpenStack Platform 15 (Stein) | puppet | Not affected | | |
| Red Hat OpenStack Platform 16 (Train) | puppet | Not affected | | |
| Red Hat Update Infrastructure 3 for Cloud Providers | puppet | Will not fix | | |
| Red Hat Satellite 6.8 for RHEL 7 | ansible-collection-redhat-satellite | Fixed | RHSA-2020:4366 | 27.10.2020 |
| Red Hat Satellite 6.8 for RHEL 7 | ansiblerole-foreman_scap_client | Fixed | RHSA-2020:4366 | 27.10.2020 |
| Red Hat Satellite 6.8 for RHEL 7 | ansiblerole-insights-client | Fixed | RHSA-2020:4366 | 27.10.2020 |
| Red Hat Satellite 6.8 for RHEL 7 | ansiblerole-satellite-receptor-installer | Fixed | RHSA-2020:4366 | 27.10.2020 |
| Red Hat Satellite 6.8 for RHEL 7 | ansible-runner | Fixed | RHSA-2020:4366 | 27.10.2020 |

Additional information

Status: Low
Defect: CWE-862
https://bugzilla.redhat.com/show_bug.cgi?id=1788261 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL

EPSS

Percentile: 45%
0.00223
Low

3.7 Low

CVSS3

Related vulnerabilities

CVSS3: 5.4
ubuntu
about 6 years ago

Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

CVSS3: 5.4
nvd
about 6 years ago

Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

CVSS3: 5.4
debian
about 6 years ago

Previous versions of Puppet Agent didn't verify the peer in the SSL co ...

github
more than 3 years ago

Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.
