CVE-2017-2294 (retired)

Priority
Description
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark
MCollective server private keys as sensitive (a feature added in Puppet
4.6), so key values could be logged and stored in PuppetDB. These releases
use the sensitive data type to ensure this won't happen anymore.
Notes
sbeattiedebian/ubuntu do not enable/ship PuppetDb
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (PuppetDB not enabled)
More Information

Updated: 2019-10-09 07:59:47 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)