3 matches found
CVE-2014-3248
CVE-2014-3248 documents an untrusted search path vulnerability affecting Puppet-related components. Affected software includes Puppet Enterprise 2.8 (before 2.8.7), Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, runn...
CVE-2014-0175
CVE-2014-0175 relates to mcollective with a default password set at installation. Connected sources corroborate an unpatched/default-credential condition affecting mcollective; CVSS metrics indicate high risk (Network, low attack complexity, no authentication required, partial confidentiality/int...
CVE-2016-2788
CVE-2016-2788 affects MCollective in Puppet Enterprise (2.7.0 and 2.8.x prior to 2.8.9). The vulnerability allows a remote attacker to execute arbitrary code via vectors related to the mco ping command, due to insecure processing within the mcollective component used by Puppet Enterprise. The con...