Vulnerabilities > Puppet > Discovery > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-21 | CVE-2018-11747 | Improper Certificate Validation vulnerability in Puppet Discovery Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. | 9.8 |
| 2018-07-03 | CVE-2018-11746 | Insufficiently Protected Credentials vulnerability in Puppet Discovery 1.0.0/1.0.1/1.1.0 In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. | 9.8 |