CVE-2014-3251
N/A
N/A
Summary
The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.osvdb.org/109257
- http://puppetlabs.com/security/cve/cve-2014-3251
- http://secunia.com/advisories/60066
- http://secunia.com/advisories/59356
References
- http://www.osvdb.org/109257
- http://puppetlabs.com/security/cve/cve-2014-3251
- http://secunia.com/advisories/60066
- http://secunia.com/advisories/59356
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.