CVE 2014-7170

Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

See the CVE page on Mitre.org for more details.