Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Puppet Discovery can leak authentication information
Vulnerability Description
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Puppet Discovery 安全漏洞
Vulnerability Description
Puppet Discovery是美国Puppet实验室的一套用于识别IT资源的解决方案。该方案能够使用SSH、WinRM和公共API识别和连接多种IT资源。 Puppet Discovery 1.2.0之前版本中存在安全漏洞。攻击者可利用该漏洞泄露Puppet Discovery使用的登录凭证。
CVSS Information
N/A
Vulnerability Type
N/A