Lucene search
PRIOn knowledge basePRION:CVE-2017-2292HistoryJun 30, 2017 - 8:29 p.m.
Code injection
2017-06-3020:29:00
PRIOn knowledge base
www.prio-n.com
4
Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mcollective | le | 2.10.3 |
Related
osv
osv
CVE-2017-2292
2017-06-30 20:29:00
nvd
nvd
CVE-2017-2292
2017-06-30 20:29:00
redhatcve
redhatcve
CVE-2017-2292
2017-07-12 11:50:01
debiancve
debiancve
CVE-2017-2292
2017-06-30 20:29:00
nessus
nessus
GLSA-201709-01 : MCollective: Remote Code Execution
2017-09-05 00:00:00
Puppet Enterprise < 2016.4.5 / 2016.5.x / 2017.1.x Multiple Vulnerabilities
2019-10-09 00:00:00
veracode
veracode
Remote Code Execution (RCE) Through YAML Deserialization
2017-07-03 01:13:13
cve
cve
CVE-2017-2292
2017-06-30 20:29:00
ubuntucve
ubuntucve
CVE-2017-2292
2017-06-30 00:00:00
cvelist
cvelist
CVE-2017-2292
2017-05-11 00:00:00
gentoo
gentoo
MCollective: Remote Code Execution
2017-09-04 00:00:00
openvas
openvas
Puppet Enterprise < 2016.4.5, 2016.5.x < 2017.2.1 Multiple Vulnerabilities
2017-07-06 00:00:00