CVE-2014-3249Sensitive Information Exposure in Enterprise

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 51.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Puppet Enterprise
Timeline
PublishedJun 17
Latest updateMay 14

Description

Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDpuppet/puppet_enterprise7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-rc63-f87j-5cf4: Puppet Enterprise 22022-05-14
CVEList
CVE-2014-3249: Puppet Enterprise 22014-06-17

📋Vendor Advisories

1
Debian
CVE-2014-3249: puppet - Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive...2014
CVE-2014-3249 — Sensitive Information Exposure | cvebase