CVE-2014-7170 — Race Condition in Server

CWE-362 — Race Condition4 documents4 sources

Severity

1.9LOWNVD

EPSS

0.0%

top 86.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Puppet Server

Timeline

PublishedDec 17

Latest updateMay 14

Description

Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages1 packages

▶NVDpuppet/puppet_server0.2.0

🔴Vulnerability Details

GHSA

GHSA-3m28-998q-cgj7: Race condition in Puppet Server 0↗2022-05-14

▶

CVEList

CVE-2014-7170: Race condition in Puppet Server 0↗2014-12-17

▶

📋Vendor Advisories

Debian

CVE-2014-7170: puppetserver - Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive inf...↗2014

▶