Main Vulnerability Database Vulnerabilities #VU41547

Information disclosure in Puppet Enterprise - CVE-2014-3249

Published: June 17, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41547

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-3249

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Puppet Labs

Affected software:
Puppet Enterprise

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes.

Install update from vendor's website.