4.7

CVE-2015-7328

EPSS 0.03%
Veröffentlicht 08.01.2016 19:59:03
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Puppet ≫ Puppet Enterprise Version3.8.0

Puppet ≫ Puppet Enterprise Version3.8.1

Puppet ≫ Puppet Enterprise Version3.8.2

Puppet ≫ Puppet Enterprise Version2015.2.0

Puppet ≫ Puppet Enterprise Version2015.2.1

Puppet ≫ Puppet Enterprise Version2015.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.042

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1	3.6	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://puppetlabs.com/security/cve/cve-2015-7328

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-7328

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7328

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7328

EUVD