Marionette Collective Security Vulnerabilities and Issues — Marionette Collective CVE List

Lucene search

PuppetMarionette Collective

3 matches found

CVE•added 2014/11/16 5:59 p.m.•118 views

CVE-2014-3248

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan hors...

6.2CVSS6.8AI score0.00164EPSS

CVE•added 2019/12/13 1:15 p.m.•51 views

CVE-2014-0175

mcollective has a default password set at install

9.8CVSS9.5AI score0.00601EPSS

CVE•added 2017/02/13 6:59 p.m.•47 views

CVE-2016-2788

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

9.8CVSS9.6AI score0.02093EPSS