CVE-2017-2293

Published: Feb 1, 2018Modified: Nov 21, 2024

4.9

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy.

Affected (5)

Products: Puppet: Puppet Enterprise

Puppet

1 product

Puppet Enterprise

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet Enterprise	Before 2016.4.5
Puppet Puppet Enterprise	Version 2016.5.1
Puppet Puppet Enterprise	Version 2016.5.2
Puppet Puppet Enterprise	Version 2017.1.0
Puppet Puppet Enterprise	Version 2017.1.1

References (2)

https://puppet.com/security/cve/cve-2017-2293

Source: security@puppet.com

Vendor Advisory

https://puppet.com/security/cve/cve-2017-2293

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.