Lucene search
Redhat.comRH:CVE-2017-2292HistoryJul 12, 2017 - 11:50 a.m.
CVE-2017-2292
2017-07-1211:50:01
redhat.com
access.redhat.com
7
0.001 Low
EPSS
Percentile
37.8%
Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior.
Related
osv
osv
CVE-2017-2292
2017-06-30 20:29:00
nvd
nvd
CVE-2017-2292
2017-06-30 20:29:00
debiancve
debiancve
CVE-2017-2292
2017-06-30 20:29:00
nessus
nessus
GLSA-201709-01 : MCollective: Remote Code Execution
2017-09-05 00:00:00
Puppet Enterprise < 2016.4.5 / 2016.5.x / 2017.1.x Multiple Vulnerabilities
2019-10-09 00:00:00
veracode
veracode
Remote Code Execution (RCE) Through YAML Deserialization
2017-07-03 01:13:13
gentoo
gentoo
MCollective: Remote Code Execution
2017-09-04 00:00:00
cve
cve
CVE-2017-2292
2017-06-30 20:29:00
prion
prion
Code injection
2017-06-30 20:29:00
ubuntucve
ubuntucve
CVE-2017-2292
2017-06-30 00:00:00
cvelist
cvelist
CVE-2017-2292
2017-05-11 00:00:00
openvas
openvas
Puppet Enterprise < 2016.4.5, 2016.5.x < 2017.2.1 Multiple Vulnerabilities
2017-07-06 00:00:00