- Home
- CVEs with nessus.description==According to its self-reported version number, the Puppet install on the remote host is affected by multiple vulnerabilities :
- A privilege escalation vulnerability related to input validation and paths exists in the bundled Ruby environment. An attacker could trick a privileged user into executing arbitrary code by convincing the user to change directories and then run Puppet.
(CVE-2014-3248)
- An error exists related to the console role that could allow unauthenticated users to obtain sensitive information by hiding and unhiding nodes. Note that this issue only affects Puppet Enterprise installs.
(CVE-2014-3249)
- An error exists related to configurations including Apache 2.4 and the mod_ssl 'SSLCARevocationCheck' that could allow an attacker to obtain sensitive information. Note that this issue does not affect Puppet Enterprise installs. (CVE-2014-3250)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top