NVD

Id
27970  
Name
CVE-2015-7328  
Description
Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.  
Reject
 
CVSS Version
2  
CVSS Score
1.9  
Severity
Low  
CVSS Base Score
1.9  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
3.4  
CVSS Vector
(AV:L/AC:M/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2016-01-08  
Modified Date
2016-01-11  
Seq
2015-7328  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
147084 27970 CVE-2015-7328 https://puppetlabs.com/security/cve/cve-2015-7328  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
11422 JVNDB-2015-006742 Puppet Enterprise の Puppet Server における重要な情報を取得される脆弱性 Puppet Enterprise の Puppet Server は、初回のインストールおよび設定中、認証局 (CA) の証明書の秘密鍵に誰でも読み取り可能な権限 (world-readable permission) を使用するため、重要な情報を取得される脆弱性が存在します。 CVE-2015-7328 84553 CVE-2015-7328 27970 1.9 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-006742.html 2015-11-05 2016-01-13 View