Unverified SSL Connection in Previous Versions of Puppet Agent

Unverified SSL Connection in Previous Versions of Puppet Agent

CVE-2018-11751 · MEDIUM Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

Learn more about our Web Application Penetration Testing UK.