Certificate Authority Reverse Proxy Vulnerability in Puppet Enterprise 3.7.x and 3.8.0
CVE-2015-4100 · MEDIUM Severity
AV:N/AC:M/AU:S/C:P/I:N/A:P
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
Learn more about our User Device Pen Test.