VYPR

Mcollective Sshkey Security

by Puppet (software)

CVEs (1)

  • CVE-2017-2298MedJun 30, 2017
    risk 0.42cvss 6.5epss 0.01

    The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string…