RSS   Podatności dla 'Marionette collective'   RSS

2019-12-13
 
CVE-2014-0175

CWE-798
 
 
mcollective has a default password set at install

 
2017-02-13
 
CVE-2016-2788

CWE-284
 
 
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

 
2014-11-16
 
CVE-2014-3248

CWE-17
 
 
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.

 

 >>> Vendor: Puppet 19 Produkty
Puppet
Mcollective
Enterprise
Puppetlabs-apache
Chloride
Puppet enterprise
Puppet dashboard
Hiera
Marionette collective
Puppet server
Stdlib
Facter
Discovery
Puppet agent
Continuous delivery
Puppetdb
Remediate
Puppet connect
Firewall

Copyright 2024, cxsecurity.com

 

Back to Top