Certificate Authority Reverse Proxy Vulnerability in Puppet Enterprise 3.7.x and 3.8.0

Certificate Authority Reverse Proxy Vulnerability in Puppet Enterprise 3.7.x and 3.8.0

CVE-2015-4100 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:N/A:P

Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."

Learn more about our User Device Pen Test.