CVE-2015-7328

Опубликовано: 08 янв. 2016

Источник: nvd

CVSS3: 4.7

CVSS2: 1.9

EPSS Низкий

Описание

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.

Ссылки

https://puppetlabs.com/security/cve/cve-2015-7328
Vendor Advisory
https://puppetlabs.com/security/cve/cve-2015-7328
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:puppet:puppet_enterprise:3.8.0:*:*:*:*:*:*:*

cpe:2.3:a:puppet:puppet_enterprise:3.8.1:*:*:*:*:*:*:*

cpe:2.3:a:puppet:puppet_enterprise:3.8.2:*:*:*:*:*:*:*

cpe:2.3:a:puppet:puppet_enterprise:2015.2.0:*:*:*:*:*:*:*

cpe:2.3:a:puppet:puppet_enterprise:2015.2.1:*:*:*:*:*:*:*

cpe:2.3:a:puppet:puppet_enterprise:2015.2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00026

Низкий

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2015-7328

CVSS3: 4.7

ubuntu

около 10 лет назад

CVE-2015-7328

CVSS3: 4.7

debian

около 10 лет назад

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015. ...

GHSA-wvp6-r8jc-j8v5

CVSS3: 4.7

github

больше 3 лет назад

EPSS

Процентиль: 7%

0.00026

Низкий

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-200