RSS   Podatności dla 'Mcollective'   RSS

2014-08-12
 
CVE-2014-3251

CWE-362
 

 
The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.

 

 >>> Vendor: Puppetlabs 15 Produkty
Puppet
Puppet enterprise users
Puppet enterprise
Puppet dashboard
Mcollective
Facter
Hiera
Marionette-collective
Puppet server
Stdlib
Rabbitmq
Puppetlabs-rabbitmq
Puppet agent
Mcollective-puppet-agent
Mcollective-sshkey-security


Copyright 2024, cxsecurity.com

 

Back to Top