Information disclosure in Puppet Puppet_enterprise

CVE-2014-3249

Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes.

Vulnerability class: Information Disclosure

EPSS: 0.003 (48.6th percentile) — read the EPSS interpretation.

Affected products

Puppet Puppet_enterprise — versions 2.8.0, 2.8.1, 2.8.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

59197 (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)