Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed arbitrary package installation or removal on managed agents. Default configuration now restricts these actions
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
Prion | Default configuration | 1 Feb 201822:29 | – | prion |
Debian CVE | CVE-2017-2293 | 1 Feb 201822:29 | – | debiancve |
CVE | CVE-2017-2293 | 1 Feb 201822:29 | – | cve |
NVD | CVE-2017-2293 | 1 Feb 201822:29 | – | nvd |
OpenVAS | Puppet Enterprise < 2016.4.4 / 2017 < 2017.2.1 Multiple Vulnerabilities | 2 Feb 201800:00 | – | openvas |
OpenVAS | Puppet Enterprise < 2016.4.5, 2016.5.x < 2017.2.1 Multiple Vulnerabilities | 6 Jul 201700:00 | – | openvas |
Tenable Nessus | Puppet Enterprise < 2016.4.5 / 2016.5.x / 2017.1.x Multiple Vulnerabilities | 9 Oct 201900:00 | – | nessus |
[
{
"product": "Puppet Enterprise",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "prior to 2016.4.5, 2016.5.x, 2017.1.x, resolved in 2016.4.5 and 2017.2.1"
}
]
}
]
Source | Link |
---|---|
puppet | www.puppet.com/security/cve/cve-2017-2293 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo