Overview

  • Posted March 14, 2016

  • Assessed Risk Level: Medium

The Puppet Communications Protocol incorrectly validates certificates for the broker node. This allows non-whitelisted hosts to prevent the Puppet Communications Protocol from triggering runs.

Status:

Affected Software Versions:

  • Puppet Enterprise 2015.3.x prior to 2015.3.3

Resolved in:

  • Puppet Enterprise 2015.3.3