Every CVE whose affected-product data names Puppet Discovery, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2018-11747 — CVSS 9.8 (critical): Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique…
CVE-2018-11746 — CVSS 8.6 (high): In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over…