4 matches found
Puppet Enterprise MCollective Server Installs Arbitrary Package Vulnerability
Puppet is a set of configuration management tools based on a client/server C/S architecture from Puppet Labs in the United States, which can be used to manage profiles, users, cron tasks, packages, system services, etc.Puppet Enterprise is an enterprise version.MCollective Server is one of the...
CVE-2017-2294
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive a feature added in Puppet 4.6, so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore...
CVE-2017-2294
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive a feature added in Puppet 4.6, so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore...
CVE-2017-2294
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive a feature added in Puppet 4.6, so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore...