Your submission was sent successfully! Close

CVE-2017-2294

Published: 05 July 2017

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
puppet
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(PuppetDB not enabled)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(PuppetDB not enabled)