CVE-2019-10694

EPSS 0.42%
Published 12.12.2019 00:15:11
Last modified 21.11.2024 04:19:45
Source security@puppet.com
Teams watchlist Login
Open Login

The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Puppet ≫ Puppet Enterprise Version >= 2018.1.0 < 2018.1.9

Puppet ≫ Puppet Enterprise Version >= 2019.0 < 2019.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.608

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://puppet.com/security/cve/CVE-2019-10694

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-10694

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-10694

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-10694

EUVD