CVSS 3 Base Score: 2.0Posted On: December 17, 2014Assessed Risk Level: Low Due to a packaging bug, there is a window between package installation/upgrade and service start where privileged data is accessible to non-privileged local users. This affects Puppet Server version 0.2.0. Status:Affected software versions:Resolved in:CVSS v2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C) Thanks to Dominic Cleal for responsibly disclosing this issue to us.← Back to CVE Listings