CVE-2015-4100
published 2017-12-21CVE-2015-4100: Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted…
medium6.8CVSS 3.0
AVNACHPRLUINSUCHINAH
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | 3.7.0 – 3.7.2 | — |