4.7

CVE-2015-7328

EPSS 0.03%
Published 08.01.2016 19:59:03
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Puppet ≫ Puppet Enterprise Version3.8.0

Puppet ≫ Puppet Enterprise Version3.8.1

Puppet ≫ Puppet Enterprise Version3.8.2

Puppet ≫ Puppet Enterprise Version2015.2.0

Puppet ≫ Puppet Enterprise Version2015.2.1

Puppet ≫ Puppet Enterprise Version2015.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.042

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.7	1	3.6	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://puppetlabs.com/security/cve/cve-2015-7328

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-7328

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7328

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7328

EUVD