Lucene search

Marionette Collective Security Vulnerabilities

cve

CVE-2014-0175

mcollective has a default password set at install

9.8CVSS

9.5AI Score

0.005EPSS

2019-12-13 01:15 PM

cve

CVE-2014-3248

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan hors...

6.8AI Score

0.0004EPSS

2014-11-16 05:59 PM

cve

CVE-2016-2788

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

9.8CVSS

9.6AI Score

0.017EPSS

2017-02-13 06:59 PM