The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-08-12T23:00:00

Updated: 2024-08-06T10:35:57.093Z

Reserved: 2014-05-07T00:00:00

Link: CVE-2014-3251

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-08-12T23:55:03.643

Modified: 2024-11-21T02:07:44.570

Link: CVE-2014-3251

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-07-15T00:00:00Z

Links: CVE-2014-3251 - Bugzilla