CVSS 3 Base Score:
2.0

Posted On:

Assessed Risk Level:
Low

Due to a packaging bug, there is a window between package installation/upgrade and service start where privileged data is accessible to non-privileged local users. This affects Puppet Server version 0.2.0.

Status:

Affected software versions:Resolved in:

CVSS v2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C) Thanks to Dominic Cleal for responsibly disclosing this issue to us.