Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes.Referenceshttp://secunia.com/advisories/59197http://puppetlabs.com/security/cve/cve-2014-3249
