CVE-2015-7328
low-risk
Published 2016-01-08
Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.
Do I need to act?
-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.7/10
Medium
LOCAL
/ HIGH complexity
Affected Products (6)
Affected Vendors
References (2)
Vendor Advisory
https://puppetlabs.com/security/cve/cve-2015-7328
Vendor Advisory
https://puppetlabs.com/security/cve/cve-2015-7328
25
/ 100
low-risk
Severity
12/34 · Low
Exploitability
0/34 · Minimal
Exposure
13/34 · Low