Описание
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | |
| devel | not-affected | |
| esm-apps/xenial | not-affected | |
| esm-infra-legacy/trusty | not-affected | |
| precise/esm | DNE | |
| trusty | not-affected | |
| trusty/esm | not-affected | |
| upstream | needs-triage | |
| xenial | not-affected | |
| zesty | not-affected |
Показывать по
EPSS
4.9 Medium
CVSS2
6.8 Medium
CVSS3
Связанные уязвимости
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated use ...
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
EPSS
4.9 Medium
CVSS2
6.8 Medium
CVSS3