Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
puppet puppet enterprise 3.8.0 |
||
puppet puppet enterprise |