CVE-2014-9568 - Potential information leakage in puppetlabs-rabbitmq facts handling
Assessed Risk Level: Low An issue exists in puppetlabs-rabbitmq where the content of ‘/var/lib/rabbitmq/.erlang.cookie' is added to a node's facts. A non-privileged local user could access the RabbitMQ Erlang cookie value via Facter. In addition, the Erlang cookie information could be unintentionally exposed through third-party applications that display facts. Users should upgrade the puppetlabs-rabbitmq module to puppetlabs-rabbitmq 5.0. Please see http://puppetlabs.com/security/cve/cve-2014-9568 for more information. Geoff Nichols Release Engineer, Puppet Labs -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBwdjBZwpNq_kXCt5DCtA_brVz9BOEF9eW-Mk8Et11MoAg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
