3 matches found
CVE-2015-4100
CVE-2015-4100 affects Puppet Enterprise 3.7.x and 3.8.0, where remote authenticated users can manage certificates for arbitrary nodes by abusing a client certificate trusted by the master (Certificate Authority Reverse Proxy vulnerability). The issue is rooted in how certificates are trusted/hand...
CVE-2015-8470
CVE-2015-8470 affects Puppet Enterprise console: versions 3.7.x, 3.8.x, and 2015.2.x fail to set the secure flag on the JSESSIONID cookie in HTTPS, making remote cookie interception possible. This can lead to information disclosure or session hijacking as described in the sources. The connected d...
CVE-2014-9355
Puppet Enterprise before 3.7.1 is affected. An authenticated remote user can obtain licensing and certificate signing request information by accessing an unspecified API endpoint. The affected component is Puppet Enterprise (pre-3.7.1) and the root cause is an information-disclosure path exposed ...