CVE-2015-7328: Sensitive Information Exposure in Enterprise

Severity: 4.7 MEDIUM (NVD)
EPSS: 0.0% (top 92.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 8
Latest update: May 14

Description

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.0 | Impact: 3.6

Affected Packages (1 package)

NVD: puppet/puppet_enterprise (6 versions)

🔴 Vulnerability Details (2)

GHSA: GHSA-wvp6-r8jc-j8v5: Puppet Server in Puppet Enterprise before 3 (2022-05-14)
CVEList: CVE-2015-7328: Puppet Server in Puppet Enterprise before 3 (2016-01-08)

📋 Vendor Advisories (1)

Debian: CVE-2015-7328: puppet - Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before... (2015)