Overview

CVE-2015-4100 - Puppet Enterprise Certificate Authority Reverse Proxy Vulnerability

  • Posted June 18, 2015

  • Assessed Risk Level: Medium

In a specific multimaster configuration, Puppet Enterprise 3.7.x and 3.8.0 are potentially vulnerable to an issue where any client certificate trusted by the master could be used to perform full certificate management.

In the vulnerable configuration, the compile master(s) would need to have been added to the certificate-authority.client-whitelist setting for the CA server. The vulnerable configuration allows any agent authenticated by the master to revoke the certificates of other nodes, causing a denial of service. An attacker could also approve pending certificate requests for other nodes, potentially exposing Puppet catalogs containing sensitive data.

Default "monolithic", "split", and multimaster installs of PE 3.7.x or PE 3.8.0 are not affected.

The vulnerability is resolved by default in Puppet Enterprise 3.8.1.
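To check a CA server for the configuration described above, the following added example (not Puppet's own code) extracts the `client-whitelist` entries from a configuration file's text and flags any that are compile masters. The nested HOCON layout, the hostnames and the function names are assumptions, and the sample configuration is constructed.

```python
import re

# Constructed sample of a CA server's whitelist configuration (HOCON layout
# assumed; hostnames are made up for illustration).
SAMPLE_CA_CONF = """
certificate-authority: {
    certificate-status: {
        authorization-required: true
        client-whitelist: [
            "console.example.com",      # console node
            "compile01.example.com"     # compile master: the risky entry
        ]
    }
}
"""


def whitelist_entries(conf_text):
    """Return every certname found in a client-whitelist array, lowercased."""
    text = re.sub(r"(#|//).*", "", conf_text)  # drop HOCON line comments
    names = []
    for block in re.finditer(r"client-whitelist\s*[:=]\s*\[(.*?)\]", text, re.S):
        # Entries may be quoted or bare, separated by commas or newlines.
        for quoted, bare in re.findall(r'"([^"]+)"|([^\s,"]+)', block.group(1)):
            names.append((quoted or bare).lower())
    return names


def whitelisted_compile_masters(conf_text, compile_masters):
    """Return whitelist entries that are compile masters (hypothetical helper)."""
    known = {name.lower() for name in compile_masters}
    return [name for name in whitelist_entries(conf_text) if name in known]


if __name__ == "__main__":
    masters = ["compile01.example.com", "compile02.example.com"]  # assumed inventory
    hits = whitelisted_compile_masters(SAMPLE_CA_CONF, masters)
    for name in hits:
        print(f"WARNING: compile master {name} is in client-whitelist")
    if not hits:
        print("OK: no compile masters in client-whitelist")
```

Supply the text of the CA server's configuration file and the certnames of your own compile masters in place of the constructed values.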

CVSS v2 Score: 5.6

Vector: AV:N/AC:H/Au:S/C:P/I:N/A:C

Status:

Affected Software Versions:

  • Puppet Enterprise 3.7.x, 3.8.0

Resolved in:

  • Puppet Enterprise 3.8.1