14 matches found
EUVD-2017-11473
Malware in sbrugna...
mcollective-puppet-agent elevation of privilege vulnerability
Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the United States, which can be used to manage configuration files, users, cron tasks, packages, system services, etc. mcollective-puppet-agent is a framework used to run agents in Puppet...
CVE-2017-2290
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-age...
Design/Logic Flaw
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-age...
CVE-2017-2290
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-age...
CVE-2017-2290
On Windows installations of the mcollective-puppet-agent plugin (version 1.12.0), a non-administrator can place an executable that will run with administrator privileges on the next mco puppet run. Puppet Enterprise users are not affected. The issue is resolved in mcollective-puppet-agent 1.12.1....
CVE-2017-2290
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-age...
CVE-2015-7331
The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument...
Code injection
The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument...
CVE-2015-7331
The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument...
CVE-2015-7331
The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument...
CVE-2015-7331
The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument...
CVE-2015-7331
CVE-2015-7331 affects the mcollective-puppet-agent plugin prior to 1.11.1 for Puppet, allowing remote code execution via the --server argument. The vulnerability enables an unauthenticated, remote attacker to execute arbitrary code in the context of the affected application. Supporting documents ...
Puppet Enterprise and mcollective-puppet-agent remote code execution vulnerabilities
Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the U.S. It can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Enterprise is an enterprise version. A remote code execution vulnerability...