VYPR

Marionette Collective

by Puppet (software)

CVEs (2)

  • CVE-2016-2788CriFeb 13, 2017
    risk 0.64cvss 9.8epss 0.02

    MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

  • CVE-2014-3248Nov 16, 2014
    risk 0.00cvss epss 0.01

    Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain…