-
Posted August 15, 2013
Severity: High
In Puppet Enterprise 3.0.0, because the database password was seeded as a console parameter, and because the dashboard did not restrict access to the `/nodes` end point, any node or attacker had the ability to retrieve the database password in clear text.
Status
- Affected Versions: Puppet Enterprise 3.0.0
- Resolved in Puppet Enterprise 3.0.1