Launchpad.net

CVE 2018-11751

Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.

See the CVE page on Mitre.org for more details.

References