6.5 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
54.0%
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a “Certificate Authority Reverse Proxy Vulnerability.”
puppet.com/security/cve/CVE-2015-4100