Posted December 16, 2014
Assessed Risk Level: Medium
In Puppet Enterprise 3.7.0, an authenticated Puppet Enterprise Console user with no permissions could access certain API endpoints providing information about PE licensing and certificate signing requests.
CVSS v2 Score: 4.0
Vector AV:N/AC:L/Au:S/C:P/I:N/A:N/E:H/RL:U/RC:C
Status:
Affected Software Versions:
Resolved in: