CVE-2014-9355

Puppet Enterprise <3.7.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://puppetlabs.com/security/cve/cve-2014-9355
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61265

Scores

EPSS 0.0062
EPSS Percentile 45.2%

Details

CWE
CWE-200
Status published
Products (1)
puppet/puppet_enterprise < 3.7.0
Published Dec 19, 2014
Tracked Since Feb 18, 2026