Announce: CVE-2015-1029 - Vulnerability in puppetlabs-stdlib module fact cache

31 views

Skip to first unread message

Geoff Nichols

unread,

Jan 14, 2015, 8:39:53 PM1/14/15

to puppet...@googlegroups.com

CVE-2015-1029 - Vulnerability in puppetlabs-stdlib module fact cache

Assessed Risk Level: Low

An issue exists where a non-privileged user may, under certain circumstances, be able to pre-populate the puppetlabs-stdlib module’s fact cache, potentially allowing local privilege escalation or local information leakage.

Users should upgrade the puppetlabs-stdlib module to puppetlabs-stdlib 4.5.1.

Please see https://puppetlabs.com/security/cve/cve-2015-1029 for more information.

Geoff Nichols

Release Engineer, Puppet Labs

Reply all

Reply to author

Forward

0 new messages