CVE-2015-7330 - Non-whitelisted hosts could access Puppet communications protocol
Posted December 29, 2015
Assessed Risk Level: High
CVSS 3 Base Score: 8.8
Puppet Enterprise 2015.3 contained a misconfiguration in which non-whitelisted hosts were permitted to communicate over the Puppet communications protocol and potentially control Puppet.
This issue is fixed in 2015.3.1.
Affected Software Versions:
- Puppet Enterprise 2015.3.0
- Puppet Enterprise 2015.3.1