CVSS 3 Base Score: Posted On: June 23, 2020Assessed Risk Level: MediumOn April 29, 2020, jQuery published a security update addressing CVE-2020-11023, where passing HTML containing <option> elements from untrusted sources may execute untrusted code. Previous releases of Puppet Enterprise contain a vulnerable version of jQuery. Puppet Enterprise versions 2019.8.0 and 2018.1.16 contain an updated version of jQuery that has patched the vulnerabilities.For more information about these vulnerability, refer to the Potential XSS vulnerability in jQuery.Status:Affected software versions:Puppet Enterprise versions prior to 2019.8.0Puppet Enterprise versions prior to 2018.1.16Resolved in:Puppet Enterprise 2019.8.0Puppet Enterprise 2018.1.16← Back to CVE Listings