Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Puppet_enterprise | Puppet | * | 3.1.1 (including) |
Puppet_enterprise | Puppet | 3.0.0 (including) | 3.0.0 (including) |
Puppet_enterprise | Puppet | 3.0.1 (including) | 3.0.1 (including) |
Puppet_enterprise | Puppet | 3.1.0 (including) | 3.1.0 (including) |