CVE-2014-9355 (Information Leakage in Puppet Enterprise Console)

  • Posted December 16, 2014

  • Assessed Risk Level: Medium

In Puppet Enterprise 3.7.0, an authenticated Puppet Enterprise Console user with no permissions could access certain API endpoints providing information about PE licensing and certificate signing requests.

CVSS v2 Score: 4.0

Vector AV:N/AC:L/Au:S/C:P/I:N/A:N/E:H/RL:U/RC:C


Affected Software Versions:

  • Puppet Enterprise 3.7.0

Resolved in:

  • Puppet Enterprise 3.7.1