CVE-2015-4100 - Puppet Enterprise Certificate Authority Reverse Proxy Vulnerability
Posted June 18, 2015
Assessed Risk Level: Medium
In a specific multimaster configuration, Puppet Enterprise 3.7.x and 3.8.0 are potentially vulnerable to an issue where any client certificate trusted by the master could be used to perform full certificate management.
In the vulnerable configuration, the compile master(s) would need to have been added to the certificate-authority.client-whitelist setting for the CA server. The vulnerable configuration allows any agent authenticated by the master to revoke the certificates of other nodes, causing a denial of service. An attacker could also approve pending certificate requests for other nodes, potentially exposing Puppet catalogs containing sensitive data.
Default "monolithic", "split", and multimaster installs of PE 3.7.x or PE 3.8.0 are not affected.
The vulnerability is resolved by default in Puppet Enterprise 3.8.1.
CVSS v2 Score: 5.6
Affected Software Versions:
- Puppet Enterprise 3.7.x, 3.8.0
Resolved in:
- Puppet Enterprise 3.8.1
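A defender-side check for the configuration described above, as an added example that is not part of Puppet's advisory or tooling: it reads a CA server config and reports whether any compile master appears in the client whitelist on an affected release. The function names, the sample config layout, and the certnames are assumptions constructed for illustration; the list of compile masters is supplied by the operator.

```python
import re

# Affected releases per the advisory: PE 3.7.x and 3.8.0.
AFFECTED = re.compile(r"^3\.(7\.\d+|8\.0)$")

# Constructed sample; layout assumed from the setting name in the advisory.
SAMPLE_CA_CONF = """
certificate-authority: {
    # constructed certnames
    client-whitelist: [
        "console.example.test",
        "compile01.example.test"
    ]
}
"""

def whitelist_entries(conf_text):
    """Return certnames found in any client-whitelist array (minimal parser)."""
    text = re.sub(r"(#|//).*", "", conf_text)  # drop line comments
    entries = []
    for m in re.finditer(r"client-whitelist\s*[:=]\s*\[(.*?)\]", text, re.S):
        for item in re.split(r"[,\s]+", m.group(1)):
            item = item.strip('"').lower()
            if item:
                entries.append(item)
    return entries

def audit(pe_version, conf_text, compile_masters):
    """Flag the advisory's condition: affected version plus a whitelisted compile master."""
    masters = {name.lower() for name in compile_masters}
    exposed = sorted(set(whitelist_entries(conf_text)) & masters)
    affected = bool(AFFECTED.match(pe_version))
    return {
        "affected_version": affected,
        "whitelisted_compile_masters": exposed,
        "vulnerable_configuration": affected and bool(exposed),
    }

if __name__ == "__main__":
    print(audit("3.8.0", SAMPLE_CA_CONF, ["compile01.example.test"]))
```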