CVSS 3 Base Score: 8.6Posted On: June 28, 2018Assessed Risk Level: HighWhen running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.Status:Affected software versions:Puppet Discovery prior to 1.2.0Resolved in:Puppet Discovery 1.2.0← Back to CVE Listings