CVE-2017-2293
N/A
N/A
Summary
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Puppet | Puppet Enterprise | prior to 2016.4.5, 2016.5.x, 2017.1.x, resolved in 2016.4.5 and 2017.2.1 | affected |
Weaknesses
- Privilege Escalation
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.