Bug 1788261 (CVE-2018-11751) - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL
Status: NEW
Alias: CVE-2018-11751
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1798607
Blocks: 1788266
Reported: 2020-01-06 20:27 UTC by Pedro Sampaio
Modified: 2020-02-05 16:12 UTC

Fixed In Version: puppet-agent 6.4.0

Description Pedro Sampaio 2020-01-06 20:27:18 UTC
Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

References:

https://puppet.com/security/cve/CVE-2018-11751/

Comment 1 Nick Tait 2020-01-15 21:30:38 UTC
There was a period missing in the "fixed in" field, so I corrected that.

Comment 2 Nick Tait 2020-01-15 21:30:40 UTC
External References:

https://tickets.puppetlabs.com/browse/PUP-9459
