CVE-2015-7328

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
puppetpuppet_enterprise
3.8.0
puppetpuppet_enterprise
3.8.1
puppetpuppet_enterprise
3.8.2
puppetpuppet_enterprise
2015.2.0
puppetpuppet_enterprise
2015.2.1
puppetpuppet_enterprise
2015.2.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
puppet
bullseye
5.5.22-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
puppet
wily
not-affected
vivid
not-affected
trusty
not-affected
precise
not-affected
Common Weakness Enumeration
References
https://puppetlabs.com/security/cve/cve-2015-7328
https://puppetlabs.com/security/cve/cve-2015-7328