CVE-2017-2298
The CVE-2017-2298 entry concerns the mcollective-sshkey-security plugin for Puppet prior to version 0.5.1. The root cause is that the plugin uses a server-specified identifier as part of the path where a file is written, enabling a compromised server to cause a file to be written to an arbitrary ...