CVSS 3 Base Score: Posted On: January 30, 2020Assessed Risk Level: LowOn December 20, 2019, OpenSSL announced several vulnerabilitiesPrevious versions of Puppet Enterprise shipped with a vulnerable version of OpenSSL. Puppet Enterprise 2018.1.12, 2019.1.4, and 2019.3.0 ship with an updated version of OpenSSLFor more information about these vulnerabilities, please refer to the OpenSSL security announcement (https://www.openssl.org/news/vulnerabilities.html#2019-1551)Status:Affected software versions:Puppet Agent 5 versions prior to 5.5.18Puppet Agent 6 versions prior to 6.4.5Puppet Agent 6 versions prior to 6.12.0Puppet Enterprise 2018.1 versions prior to 2018.1.12Puppet Enterprise 2019.1 versions prior to 2019.1.4Puppet Enterprise 2019.2 versions prior to 2019.3.0PE Client Tools 18.1 versions prior to 18.1.13PE Client Tools 19.1 versions prior to 19.1.6PE Client Tools 19.1 versions prior to 19.3.0Bolt versions prior to 1.45.0PDK versions prior to 1.15.0Resolved in:Puppet Agent 5.5.18Puppet Agent 6.4.5Puppet Agent 6.12.0Puppet Enterprise 2018.1.12Puppet Enterprise 2019.1.4Puppet Enterprise 2019.3.0PE Client Tools 18.1.13PE Client Tools 19.1.6PE Client Tools 19.3.0Bolt 1.45.0PDK 1.15.0← Back to CVE Listings
