Candidate: CVE-2017-2294
PublicDate: 2017-07-05 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2294
 https://puppet.com/security/cve/cve-2017-2294
Description:
 Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark
 MCollective server private keys as sensitive (a feature added in Puppet
 4.6), so key values could be logged and stored in PuppetDB. These releases
 use the sensitive data type to ensure this won't happen anymore.
Ubuntu-Description:
Notes:
 sbeattie> debian/ubuntu do not enable/ship PuppetDb
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_puppet:
upstream_puppet: needs-triage
precise/esm_puppet: DNE
trusty_puppet: not-affected (PuppetDB not enabled)
trusty/esm_puppet: not-affected (PuppetDB not enabled)
vivid/ubuntu-core_puppet: DNE
xenial_puppet: not-affected (PuppetDB not enabled)
yakkety_puppet: not-affected (PuppetDB not enabled)
zesty_puppet: not-affected (PuppetDB not enabled)
devel_puppet: not-affected (PuppetDB not enabled)