CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
47.6%
The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the master role.
Vendor | Product | Version | CPE |
---|---|---|---|
puppet | puppet_enterprise | * | cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:* |
puppet | puppet_enterprise | 2.0.0 | cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:* |
puppet | puppet_enterprise | 2.5.1 | cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:* |
puppet | puppet_enterprise | 2.5.2 | cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:* |
puppetlabs | puppet | 2.5.0 | cpe:2.3:a:puppetlabs:puppet:2.5.0:-:enterprise:*:*:*:*:* |
puppetlabs | puppet | 2.6.0 | cpe:2.3:a:puppetlabs:puppet:2.6.0:-:enterprise:*:*:*:*:* |