CVE-2014-3251
Summary
| CVE | CVE-2014-3251 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-08-12 23:55:00 UTC |
| Updated | 2019-07-10 18:10:00 UTC |
| Description | The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition. |
Risk And Classification
Problem Types: CWE-362
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Puppet | Puppet Enterprise | All | All | All | All |
| Application | Puppetlabs | Mcollective | - | All | All | All |
| Application | Puppetlabs | Mcollective | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About Secunia Research | Flexera | SECUNIA | secunia.com | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | |
| CVE-2014-3251 | Puppet Labs | CONFIRM | puppetlabs.com | Vendor Advisory |
| 109257 | OSVDB | www.osvdb.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.