CVE-2015-7330
Published 2016-04-11
CVE-2015-7330: Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications…
Priority: P352 · high · 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.06% (79.0th percentile)
Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| puppet | puppet_enterprise | — | — |
| redhat | ansible | >= 0 < 2.0.0.2-2ubuntu1.3+esm6 | 2.0.0.2-2ubuntu1.3+esm6 |
CVSS provenance
nvd · v3.0 · 8.8 HIGH · CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 6.5 MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
osv · 4.3 MEDIUM
OSV
ansible regression
osv·2025-03-28·CVSS 4.3
USN-7330-1 fixed vulnerabilities in Ansible. The update introduced a
regression when attempting to install Ansible on Ubuntu 16.04 LTS.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Ansible did not properly verify certain fields
of X.509 certificates. An attacker could possibly use this issue to
spoof SSL servers if they were able to intercept network communications.
This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3908)
Martin Carpenter discovered that certain connection plugins for Ansible
did not properly restrict users. An attacker with local access could
possibly use this issue to escape a restricted environment via symbolic
links misuse. This issue only affected Ubuntu 14.04 LTS. (CVE-2
GHSA
GHSA-r54w-m7fw-47xm: Puppet Enterprise 2015
ghsa_unreviewed·2022-05-13
CVE-2015-7330 [HIGH] GHSA-r54w-m7fw-47xm: Puppet Enterprise 2015
Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2016-04-11