CVE-2014-7170 — LOW (1.9) — White Hats Nepal

Vulnerability Description

Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

CVSS Score

1.9

LOW

AV:L/AC:M/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Puppet	Puppet Server	0.2.0

Related Weaknesses (CWE)

CWE-362

References

http://puppetlabs.com/security/cve/cve-2014-7170Vendor Advisory
http://puppetlabs.com/security/cve/cve-2014-7170Vendor Advisory

FAQ

What is CVE-2014-7170?

CVE-2014-7170 is a vulnerability with a CVSS score of 1.9 (LOW). Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

How severe is CVE-2014-7170?

CVE-2014-7170 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-7170?

Check the references section above for vendor advisories and patch information. Affected products include: Puppet Puppet Server.