CVSS 3 Base Score: 9.4Posted On: April 30, 2019Assessed Risk Level: HighThe express install, which is the suggested way to install PE if you're running the installer manually, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user.Status:Affected software versions:Puppet Enterprise 2019.x prior to 2019.0.3Puppet Enterprise 2018.x prior to 2018.1.9Resolved in:Puppet Enterprise 2019.0.3Puppet Enterprise 2018.1.9← Back to CVE Listings