Puppet Discovery
By the Year
In 2024 there have been 0 vulnerabilities in Puppet Discovery . Discovery did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 9.80 |
| 2018 | 1 | 9.80 |
It may take a day or so for new Discovery vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Puppet Discovery Security Vulnerabilities
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container
CVE-2018-11747
9.8 - Critical
- March 21, 2019
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.
Improper Certificate Validation
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections
CVE-2018-11746
9.8 - Critical
- July 03, 2018
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
Insufficiently Protected Credentials
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Puppet Discovery or by Puppet? Click the Watch button to subscribe.
