Vigil@nce - Puppet Enterprise: multiple vulnerabilities
December 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Puppet Enterprise.
Impacted products: Puppet
Severity: 1/4
Creation date: 17/12/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Puppet Enterprise.
An attacker can use Rails Action Pack, in order to detect the
existence of files. [severity:1/4; CVE-2014-7828, CVE-2014-7829]
An attacker can use the Puppet Enterprise Console, in order to
obtain sensitive information. [severity:1/4; CVE-2014-9355]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Puppet-Enterprise-multiple-vulnerabilities-15840