Design/Logic Flaw

2017-12-2115:29:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.0%

JSON

Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a “Certificate Authority Reverse Proxy Vulnerability.”

CPENameOperatorVersion
puppet_enterpriseeq3.8.0
puppet_enterprisege3.7.0
puppet_enterprisele3.7.2

Name	Operator	Version
puppet_enterprise	eq	3.8.0
puppet_enterprise	ge	3.7.0
puppet_enterprise	le	3.7.2

References

puppet.com/security/cve/CVE-2015-4100