3 matches found
Puppet Enterprise < 2016.4.5 / 2016.5.x / 2017.1.x Multiple Vulnerabilities
According to its self-reported version number, the Puppet install on the remote host is affected by multiple vulnerabilities : - A remote command execution vulnerability exists in the MCollective plugin due to unsafe YAML deserialization. An unauthenticated, remote attacker can exploit this to...
Puppet Enterprise < 2016.4.5, 2016.5.x < 2017.2.1 Multiple Vulnerabilities
Puppet Enterprise is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:puppet:enterprise"; if...
CVE-2017-2294
CVE-2017-2294 affects Puppet Enterprise prior to 2016.4.5 or 2017.2.1, where MCollective server private keys were not marked as sensitive, allowing key values to be logged or stored in PuppetDB. The underlying issue is the absence of the sensitive data type for these keys, leading to potential in...