CVE-2014-3251

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2014-3251

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2014-3251.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2014-3251

Downstream

DEBIAN-CVE-2014-3251

Published

2014-08-12T23:55:03Z

Modified

2025-04-12T10:46:40Z

Summary

[none]

Details

The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.

References

http://puppetlabs.com/security/cve/cve-2014-3251
http://secunia.com/advisories/59356
http://secunia.com/advisories/60066
http://www.osvdb.org/109257

CVE-2014-3251

Affected packages