Vulnerability in Puppet Puppet_server

CVE-2014-7170

Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

Vulnerability class: Race Condition

EPSS: 0.000 (13.8th percentile) — read the EPSS interpretation.

Affected products

Puppet Puppet_server — versions 0.2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)