Published: 16 December 2019
Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.
From the Ubuntu Security Team
msalvatore> Affects 6.x prior to 6.4.0
Severity score breakdown