Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a “Certificate Authority Reverse Proxy Vulnerability.”
CPE | Name | Operator | Version |
---|---|---|---|
puppet_enterprise | eq | 3.8.0 | |
puppet_enterprise | ge | 3.7.0 | |
puppet_enterprise | le | 3.7.2 |