CVE-2019-10694

The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://puppet.com/security/cve/CVE-2019-10694	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:puppet:puppet_enterprise::::::::
	cpe:2.3:a:puppet:puppet_enterprise::::::::

History

24 Jan 2022, 16:46

Type	Values Removed	Values Added
First Time		Puppet puppet Enterprise
CPE	cpe:2.3:a:puppet:puppet:::::enterprise:::*	cpe:2.3:a:puppet:puppet_enterprise::::::::

Information

Published : 2019-12-12 00:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-10694

Mitre link : CVE-2019-10694

CVE.ORG link : CVE-2019-10694

JSON object : View

Products Affected

puppet

puppet_enterprise

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2019-10694", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-12-12T00:15:11.033", "references": [{"url": "https://puppet.com/security/cve/CVE-2019-10694", "tags": ["Vendor Advisory"], "source": "security@puppet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9."}, {"lang": "es", "value": "La instalaci\u00f3n r\u00e1pida, que es la forma sugerida de instalar Puppet Enterprise, le entrega al usuario una URL al final de la instalaci\u00f3n para establecer la contrase\u00f1a de administrador. Si no usan esa URL, existe una contrase\u00f1a predeterminada obviada por el usuario administrador. Esto se resolvi\u00f3 en Puppet Enterprise versiones 2019.0.3 y 2018.1.9."}], "lastModified": "2022-01-24T16:46:01.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8E55A61-7597-47E8-8091-D0159F896526", "versionEndExcluding": "2018.1.9", "versionStartIncluding": "2018.1.0"}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A3BE002-D1AA-4193-ACCE-4A381F24894A", "versionEndExcluding": "2019.0.3", "versionStartIncluding": "2019.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@puppet.com"}