Unrated severityNVD Advisory· Published Aug 12, 2014· Updated May 6, 2026

CVE-2014-3251

Description

The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.

Affected products

Puppetlabs/Mcollective
cpe:2.3:a:puppetlabs:mcollective:-:*:*:*:*:*:*:*
Puppet (software)/Puppet Enterprise
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
Range: <=3.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

puppetlabs.com/security/cve/cve-2014-3251nvdVendor Advisory
secunia.com/advisories/59356nvd
secunia.com/advisories/60066nvd
www.osvdb.org/109257nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000