Overview

CVE-2015-7330 - Non-whitelisted hosts could access Puppet communications protocol

  • Posted December 29, 2015

  • Assessed Risk Level: High

  • CVSS 3 Base Score: 8.8

Puppet Enterprise 2015.3 contained a misconfiguration in which non-whitelisted hosts were permitted to communicate over the Puppet communications protocol and potentially control Puppet.

This issue is fixed in 2015.3.1.

Status:

Affected Software Versions:

  • Puppet Enterprise 2015.3.0

Resolved in:

  • Puppet Enterprise 2015.3.1