Puppet Server in Puppet Enterprise prior to 3.8.x prior to 3.8.3 and 2015.2.x prior to 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
puppet puppet enterprise 2015.2.0 |
||
puppet puppet enterprise 2015.2.2 |
||
puppet puppet enterprise 2015.2.1 |
||
puppet puppet enterprise 3.8.2 |
||
puppet puppet enterprise 3.8.0 |
||
puppet puppet enterprise 3.8.1 |