← Back

Mcollective

mcollective

Vendor: Puppetlabs • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2014-3251
2Puppet
Puppetlabs
2Mcollective
Puppet Enterprise
May 6, 2026
Aug 12, 2014
N/A· v4
N/A· v3
4.4 MEDIUM· v2
The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to est...Show more
The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.Show less