PT-2016-3746 · Puppet · Puppet Enterprise

Published

2016-01-08

Updated

2019-07-10

CVE-2015-7328

CVSS v2.0

1.9

Low

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Puppet Enterprise versions prior to 3.8.3 Puppet Enterprise versions prior to 2015.2.3

Description The issue concerns the use of world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration of Puppet Server in Puppet Enterprise. This might allow local users to obtain sensitive information via unspecified vectors.

Recommendations For versions prior to 3.8.3, update to version 3.8.3 or later to resolve the issue. For versions prior to 2015.2.3, update to version 2015.2.3 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-7328

Affected Products

Puppet Enterprise

PT-2016-3746 · Puppet · Puppet Enterprise

CVE-2015-7328

Weakness Enumeration

Related Identifiers

Affected Products

References · 2