Back to search
CVE-2019-10694
Published: Dec 11, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9.
| Vendor | Product | Versions |
|---|---|---|
n/a | Puppet Enterprise | affected Puppet Enterprise 2019.x prior to 2019.0.3, Puppet Enterprise 2018.x prior to 2018.1.9 |
References
https://puppet.com/security/cve/CVE-2019-10694
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now