Puppet Enterprise does not generate wildcard SSL certificates by default. However, if a PE infrastructure has been configured with wildcard SSL certificates, it could theoretically be vulnerable to man-in-the-middle attacks.
For more information on the vulnerability, please see the Ruby project’s announcement.
CVSS v2 Score: 3.1
Affected Software Versions: