CVE-2018-11746

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt