CVE-2014-9355 — Sensitive Information Exposure in Enterprise

CWE-200 — Sensitive Information Exposure4 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
0.1%
top 73.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Puppet Enterprise
Timeline
PublishedDec 19
Latest updateMay 14

Description

Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-wrgx-77j9-vq8p: Puppet Enterprise before 3↗2022-05-14
â–¶
CVEList
CVE-2014-9355: Puppet Enterprise before 3↗2014-12-19
â–¶

📋Vendor Advisories

1
Debian
CVE-2014-9355: puppet - Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licen...↗2014
â–¶
CVE-2014-9355 — Sensitive Information Exposure | cvebase