CVE-2019-10694

EPSS 0.42%
Veröffentlicht 12.12.2019 00:15:11
Zuletzt bearbeitet 21.11.2024 04:19:45
Quelle security@puppet.com
Teams Watchlist Login
Unerledigt Login

The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Puppet ≫ Puppet Enterprise Version >= 2018.1.0 < 2018.1.9

Puppet ≫ Puppet Enterprise Version >= 2019.0 < 2019.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.608

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://puppet.com/security/cve/CVE-2019-10694

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-10694

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-10694

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-10694

EUVD