Marionette Collective

marionette_collective

Vendor: Puppet • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-0175 3Debian PuppetRedhat 3Debian Linux Marionette CollectiveOpenshift Nov 21, 2024 Dec 13, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 mcollective has a default password set at install
CVE-2016-2788 1Puppet 2Marionette Collective Puppet Enterprise May 13, 2026 Feb 13, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
CVE-2014-3248 2Puppet Puppetlabs 6Facter FacterHiera+3 more May 6, 2026 Nov 16, 2014 N/A· v4 N/A· v3 6.2 MEDIUM· v2 Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with...Show more Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.Show less