// For flags

CVE-2014-7170

 

Severity Score

1.9
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

Condición de carrera en Puppet Server 0.2.0 permite a usuarios locales obtener información sensible accediendo durante la instalación de un paquete o la actualización y durante el arranque del servicio.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-09-25 CVE Reserved
  • 2014-12-17 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
http://puppetlabs.com/security/cve/cve-2014-7170 2019-07-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Puppet
Search vendor "Puppet"
 Puppet Server
Search vendor "Puppet" for product "Puppet Server"
 0.2.0
Search vendor "Puppet" for product "Puppet Server" and version "0.2.0"
-
Affected