CVE-2014-7170 : Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive inf

Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

Published 2014-12-17 19:59:01

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2014-7170

Puppet » Puppet Server » Version: 0.2.0
cpe:2.3:a:puppet:puppet_server:0.2.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-7170

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-7170

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
1.9	LOW	AV:L/AC:M/Au:N/C:P/I:N/A:N	3.4	2.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2014-7170

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-7170

http://puppetlabs.com/security/cve/cve-2014-7170

CVE-2014-7170 | Puppet
Vendor Advisory

Jump to

Vulnerability Details : CVE-2014-7170

Products affected by CVE-2014-7170

Exploit prediction scoring system (EPSS) score for CVE-2014-7170

CVSS scores for CVE-2014-7170

CWE ids for CVE-2014-7170

References for CVE-2014-7170