CVE-2013-1398

2014-03-14T12:55:04
ID CVE-2013-1398
Type cve
Reporter NVD
Modified 2014-03-25T20:28:30

Description

The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the master role.