Bug 1788261 (CVE-2018-11751) - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL
Summary: CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connec...
Status: NEW
Alias: CVE-2018-11751
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1798607
Blocks: 1788266
TreeView+ depends on / blocked
Reported: 2020-01-06 20:27 UTC by Pedro Sampaio
Modified: 2020-02-05 16:12 UTC (History)
24 users (show)

Fixed In Version: puppet-agent 6.4.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Pedro Sampaio 2020-01-06 20:27:18 UTC
Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.



Comment 1 Nick Tait 2020-01-15 21:30:38 UTC
There was a period missing in the "fixed in" field, so I corrected that.

Comment 2 Nick Tait 2020-01-15 21:30:40 UTC
External References:


Note You need to log in before you can comment on or make changes to this bug.