CVE-2018-11749
Summary
| CVE | CVE-2018-11749 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-08-24 13:29:00 UTC |
| Updated | 2022-01-24 16:46:00 UTC |
| Description | When users are configured to use startTLS with RBAC LDAP, the user's credentials are sent in plaintext to the LDAP server at login time. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It has a CVSS score of 8.5. |
Risk And Classification
Problem Types: CWE-319
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Puppet | Puppet | All | All | All | All |
| Application | Puppet | Puppet Enterprise | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2018-11749 - RBAC User Authentication Request Done Over Plaintext \| Puppet | CONFIRM | puppet.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.