CVE-2015-7328
Last modified
CVE-2015-7328 is a vulnerability of currently unknown severity. Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.. EPSS estimates a 0.17% chance of exploitation in the next 30 days.
Description
Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Puppet | Puppet Enterprise | 3.8.0 |
| Puppet | Puppet Enterprise | 3.8.1 |
| Puppet | Puppet Enterprise | 3.8.2 |
| Puppet | Puppet Enterprise | 2015.2.0 |
| Puppet | Puppet Enterprise | 2015.2.1 |
| Puppet | Puppet Enterprise | 2015.2.2 |
References
- https://puppetlabs.com/security/cve/cve-2015-7328Vendor Advisory
- https://puppetlabs.com/security/cve/cve-2015-7328Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-7328?
How severe is CVE-2015-7328?
How do I fix CVE-2015-7328?
Are you affected by CVE-2015-7328?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST