{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T19:13:42.632","vulnerabilities":[{"cve":{"id":"CVE-2019-10694","sourceIdentifier":"security@puppet.com","published":"2019-12-12T00:15:11.033","lastModified":"2024-11-21T04:19:45.973","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9."},{"lang":"es","value":"La instalación rápida, que es la forma sugerida de instalar Puppet Enterprise, le entrega al usuario una URL al final de la instalación para establecer la contraseña de administrador. Si no usan esa URL, existe una contraseña predeterminada obviada por el usuario administrador. Esto se resolvió en Puppet Enterprise versiones 2019.0.3 y 2018.1.9."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","versionStartIncluding":"2018.1.0","versionEndExcluding":"2018.1.9","matchCriteriaId":"C8E55A61-7597-47E8-8091-D0159F896526"},{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","versionStartIncluding":"2019.0","versionEndExcluding":"2019.0.3","matchCriteriaId":"5A3BE002-D1AA-4193-ACCE-4A381F24894A"}]}]}],"references":[{"url":"https://puppet.com/security/cve/CVE-2019-10694","source":"security@puppet.com","tags":["Vendor Advisory"]},{"url":"https://puppet.com/security/cve/CVE-2019-10694","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}