CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-7328

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.6%

CVSS Severity

CVSS v3 Score 4.7

CVSS v2 Score 1.9

References

Products affected by CVE-2015-7328

Puppet » Puppet Enterprise » Version: 2015.2.0

cpe:2.3:a:puppet:puppet_enterprise:2015.2.0
Puppet » Puppet Enterprise » Version: 2015.2.1

cpe:2.3:a:puppet:puppet_enterprise:2015.2.1
Puppet » Puppet Enterprise » Version: 2015.2.2

cpe:2.3:a:puppet:puppet_enterprise:2015.2.2
Puppet » Puppet Enterprise » Version: 3.8.0

cpe:2.3:a:puppet:puppet_enterprise:3.8.0
Puppet » Puppet Enterprise » Version: 3.8.1

cpe:2.3:a:puppet:puppet_enterprise:3.8.1
Puppet » Puppet Enterprise » Version: 3.8.2

cpe:2.3:a:puppet:puppet_enterprise:3.8.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-7328

Products

Pricing

Contact Us