CVSS 3 Base Score: Posted On: June 21, 2016Assessed Risk Level: LowOn May 3, 2016 OpenSSL announced several vulnerabilities.Previous versions of Puppet Enterprise shipped with a vulnerable version of OpenSSL. Of the announced vulnerabilities,the default configuration of Puppet Enterprise is only vulnerable to CVE-2016-2107. However, connections are unlikely to be negotiated with the vulnerable AES-CBC cipher, as it is far down our list of preferred ciphers.For more information about these vulnerabilities, please refer to the OpenSSL security announcement (https://www.openssl.org/news/secadv/20160503.txt).Status:Affected software versions:Puppet Enterprise 3.8.xPuppet Enterprise 2015.xPuppet Enterprise 2016.x prior to 2016.2.0Resolved in:Puppet Enterprise 3.8.6Puppet Enterprise 2016.2.0← Back to CVE Listings
