Main Vulnerability Database Vulnerabilities #VU41547

#VU41547 Information disclosure in Puppet Enterprise - CVE-2014-3249

Published: June 17, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41547

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-3249

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Puppet Enterprise

Software vendor:
Puppet Labs

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes.

Install update from vendor's website.