CVE-2015-7328
MEDIUMPuppet Enterprise - Exposure of Sensitive Information via World-Readable CA Private Key
Title source: llmDescription
Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://puppetlabs.com/security/cve/cve-2015-7328
Scores
CVSS v3
4.7
EPSS
0.0017
EPSS Percentile
7.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (6)
puppet/puppet_enterprise
3.8.0
puppet/puppet_enterprise
3.8.1
puppet/puppet_enterprise
3.8.2
puppet/puppet_enterprise
2015.2.0
puppet/puppet_enterprise
2015.2.1
puppet/puppet_enterprise
2015.2.2
Published
Jan 08, 2016
Tracked Since
Feb 18, 2026