CVE-2017-2293 in Puppet Enterpriseinfo

Zusammenfassung

von MITRE

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

01.12.2016

Veröffentlichung

01.02.2018

Moderieren

akzeptiert

Eintrag

VDB-112722

CPE

bereit

CWE

CWE-254 (bestätigt)

CVSS

4.9 (NVD)

EPSS

0.00225

KEV

nein

Aktivitäten

very low

Sektor

Telecommunication, Chemical, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-2293
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2293
CVE Details	https://www.cvedetails.com/cve/CVE-2017-2293/

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!