CVE-2017-2292

Summary

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior.

Affected Software

VendorProductVersion RangeStatus
Puppetmcollective, Puppet, Puppet EnterprisePuppet Enterprise prior to 2016.4.5, Puppet Enterprise 2016.5.x, Puppet Enterprise 2017.1.x, Puppet Agent prior to 1.10.1affected

Weaknesses

  • Remote Code Execution Via YAML Deserialization

ADP Enrichment

CVE Program Container

Additional References

References