Lucene search

Ubuntu.comUB:CVE-2015-7328

HistoryJan 08, 2016 - 12:00 a.m.

CVE-2015-7328

2016-01-0800:00:00

ubuntu.com

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x
before 2015.2.3 uses world-readable permissions for the private key of the
Certification Authority (CA) certificate during the initial installation
and configuration, which might allow local users to obtain sensitive
information via unspecified vectors.

Notes

Author	Note
sbeattie	Puppet Enterprise only

References

launchpad.net/bugs/cve/CVE-2015-7328

nvd.nist.gov/vuln/detail/CVE-2015-7328

puppetlabs.com/security/cve/cve-2015-7328

security-tracker.debian.org/tracker/CVE-2015-7328

www.cve.org/CVERecord?id=CVE-2015-7328

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for UB:CVE-2015-7328