CVSS 3 Base Score: 8.5Posted On: August 23, 2018Assessed Risk Level: High When users are configured to use startTLS with Role-Based Access Control (RBAC) Lightweight Directory Access Protocol (LDAP), at login time, the user's credentials are sent via plaintext to the LDAP server. This vulnerability was found by an internal audit at Puppet. Status:Affected software versions:Puppet Enterprise prior to 2018.1.4Puppet Enterprise prior to 2017.3.10Puppet Enterprise prior to 2016.4.15Resolved in:Puppet Enterprise 2018.1.4Puppet Enterprise 2017.3.10Puppet Enterprise 2016.4.15← Back to CVE Listings