Vulnerability in Puppet Facter
CVE-2014-3248
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earl…
EPSS: 0.001 (22.6th percentile) — read the EPSS interpretation.
Affected products
- Puppet Facter — versions 2.0.0, 2.0.1
- Puppet Hiera
- Puppet Marionette_collective
- Puppet
- Puppet Puppet_enterprise
- Puppetlabs Facter
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- 59197 (Technical Description, x_refsource_SECUNIA, third-party-advisory)
- 59200 (Technical Description, x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (Technical Description, Exploit, x_refsource_MISC)
- 68035 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)