CVE-2015-7328

MEDIUM

Puppet Enterprise - Information Disclosure

Title source: rule

Description

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.

References (1)

[Vendor Advisory] https://puppetlabs.com/security/cve/cve-2015-7328

Scores

CVSS v3 4.7

EPSS 0.0003

EPSS Percentile 7.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (6)

puppet/puppet_enterprise

Timeline

Published Jan 08, 2016

Tracked Since Feb 18, 2026