admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-12-30 05:58:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-07-03 09:03:19 -04:00
parent e700398553
commit 6169a20821
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
1 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
2018/11xxx/CVE-2018-11746.json
View File

@ -1,21 +1,10 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@puppet.com",
"DATE_PUBLIC" : "2018-07-02T22:00:00.000Z",
"ID" : "CVE-2018-11746",
"STATE" : "PUBLIC",
"TITLE" : "Puppet Discovery can leak authentication information",
"DATE_PUBLIC" : "2018-07-02T22:00:00.000Z"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery."
}
]
"TITLE" : "Puppet Discovery can leak authentication information"
},
"affects" : {
"vendor" : {
@ -41,6 +30,17 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",