Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9355

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2014-9355
Last Modified 22 Dec 2014 09:30:08
Published 19 Dec 2014 10:59:25
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-9355

Summary

Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.

Vulnerable Systems

Application

  • Puppetlabs Puppet 3.7.0


References

SECUNIA - 61265

CONFIRM - http://puppetlabs.com/security/cve/cve-2014-9355


Last Updated: 27 May 2016 11:07:20