CVE-2014-3251
Puppet Enterprise < 3.3.0 and MCollective < 2.5.3 - Race Condition in aes_security Plugin
The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and MCollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized MCollective connections via unspecified vectors related to a race condition.
References (4)
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/109257
Vendor Advisory (x_refsource_confirm): http://puppetlabs.com/security/cve/cve-2014-3251
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/60066
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/59356
Scores
EPSS: 0.0018
EPSS Percentile: 7.2%
Details
CWE: CWE-362
Status: published
Products (2)
puppet/puppet_enterprise < 3.2.0
puppetlabs/mcollective
Published: Aug 12, 2014
Tracked Since: Feb 18, 2026