CVSS 3 Base Score: 4.3Posted On: November 5, 2015Assessed Risk Level: Low During the initial installation and configuration of Puppet Enterprise, there is a short window of time where the generated CA key is left world-readable. This is corrected later during the configuration/bootstrapping steps. In Puppet Enterprise 3.8.3 and 2015.2.3, the CA key (and all other SSL private keys) are created with the correct permissions. Status:Affected software versions:Puppet Enterprise 3.8.xPuppet Enterprise 2015.2.xResolved in:Puppet Enterprise 3.8.3Puppet Enterprise 2015.2.3← Back to CVE Listings