Vulnerability Details CVE-2015-4100
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.9%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 4.9
References
Products affected by CVE-2015-4100
-
cpe:2.3:a:puppet:puppet_enterprise:3.7.0
-
cpe:2.3:a:puppet:puppet_enterprise:3.7.1
-
cpe:2.3:a:puppet:puppet_enterprise:3.7.2
-
cpe:2.3:a:puppet:puppet_enterprise:3.8.0