Search criteria
9 vulnerabilities found for marionette_collective by puppet
FKIE_CVE-2014-0175
Vulnerability from fkie_nvd - Published: 2019-12-13 13:15 - Updated: 2024-11-21 02:01
Severity ?
Summary
mcollective has a default password set at install
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/cve-2014-0175 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2014-0175 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2014-0175 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2014-0175 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| puppet | marionette_collective | - | |
| redhat | openshift | 1.0 | |
| redhat | openshift | 2.1 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:marionette_collective:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD29A508-E9F1-4D6F-ACD6-795F20F8DE2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:1.0:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "6D63189E-7BFC-438B-A583-1901BBC15CF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:2.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "AC659BB6-CD01-4F4A-BFBC-227A52ECB391",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mcollective has a default password set at install"
},
{
"lang": "es",
"value": "mcollective presenta una contrase\u00f1a predeterminada establecida en la instalaci\u00f3n."
}
],
"id": "CVE-2014-0175",
"lastModified": "2024-11-21T02:01:33.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-13T13:15:10.820",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0175"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-0175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-0175"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-2788
Vulnerability from fkie_nvd - Published: 2017-02-13 18:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://puppet.com/security/cve/cve-2016-2788 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://puppet.com/security/cve/cve-2016-2788 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| puppet | marionette_collective | 2.7.0 | |
| puppet | marionette_collective | 2.8.0 | |
| puppet | marionette_collective | 2.8.1 | |
| puppet | marionette_collective | 2.8.2 | |
| puppet | marionette_collective | 2.8.3 | |
| puppet | marionette_collective | 2.8.4 | |
| puppet | marionette_collective | 2.8.5 | |
| puppet | marionette_collective | 2.8.6 | |
| puppet | marionette_collective | 2.8.7 | |
| puppet | marionette_collective | 2.8.8 | |
| puppet | puppet_enterprise | * | |
| puppet | puppet_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:marionette_collective:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0EB05D-AE08-45A2-AEBE-7BA8C8A7FC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:marionette_collective:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "474D09A3-335E-4DEF-8E42-B1A51312D20E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:marionette_collective:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A41B514E-4982-4F62-AD7F-E76575E186A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:marionette_collective:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24135E65-DC11-4F51-B511-264E5D55CDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:marionette_collective:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "42F60001-AB26-4859-B5FB-F9A5AC16DEF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:marionette_collective:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFD6C37-2A11-4B3B-AEC2-C7F278086DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:marionette_collective:2.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "953ACD12-7530-4A0D-9495-BD274162397E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:marionette_collective:2.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DC349A07-F050-47BB-9B9B-44AF15624F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:marionette_collective:2.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "01C08F38-8B61-461D-AEB8-C34898C7702A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:marionette_collective:2.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D8F32EA9-939E-4E8B-8DD6-D66929AC3C8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B9E094-D386-4B81-8A62-577B5FA1B73E",
"versionEndExcluding": "3.8.6",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57C3DF70-5EFE-4A95-846C-75DBBDCBB7F4",
"versionEndExcluding": "2016.2.1",
"versionStartIncluding": "2016.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command."
},
{
"lang": "es",
"value": "MCollective 2.7.0 y 2.8.x en versiones anteriores a 2.8.9, como se utiliza en Puppet Enterprise, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con el comando mco ping."
}
],
"id": "CVE-2016-2788",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-13T18:59:00.457",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://puppet.com/security/cve/cve-2016-2788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://puppet.com/security/cve/cve-2016-2788"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3248
Vulnerability from fkie_nvd - Published: 2014-11-16 17:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://puppetlabs.com/security/cve/cve-2014-3248 | Vendor Advisory | |
| cve@mitre.org | http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/ | Exploit, Technical Description | |
| cve@mitre.org | http://secunia.com/advisories/59197 | Technical Description | |
| cve@mitre.org | http://secunia.com/advisories/59200 | Technical Description | |
| cve@mitre.org | http://www.securityfocus.com/bid/68035 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://puppetlabs.com/security/cve/cve-2014-3248 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/ | Exploit, Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59197 | Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59200 | Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/68035 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| puppet | facter | 2.0.0 | |
| puppet | facter | 2.0.0 | |
| puppet | facter | 2.0.0 | |
| puppet | facter | 2.0.0 | |
| puppet | facter | 2.0.1 | |
| puppet | facter | 2.0.1 | |
| puppet | facter | 2.0.1 | |
| puppet | facter | 2.0.1 | |
| puppet | facter | 2.0.1 | |
| puppetlabs | facter | * | |
| puppet | marionette_collective | * | |
| puppet | hiera | * | |
| puppet | puppet | * | |
| puppet | puppet | * | |
| puppet | puppet_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1880B374-9898-4F94-A79A-EC3FC6417C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8731DD0A-1765-4D01-B84A-B11B2C3D3C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "8C2C4B26-82E1-414C-8908-8C0B67933D3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "5F6D393E-C815-435A-AD62-C50FB8221852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "163FF08E-1931-4A51-B309-FDF7518BF1AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "789555F6-BAFE-4468-BDEC-9575F9C3B348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "601F4999-5841-4C0B-92C9-20D6276A43FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "06432280-17CC-4219-9D02-81370F3D97BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2F103639-4964-426B-9D23-7DE777ECD388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD66B12-AEF4-4AB6-BD19-860139A1318F",
"versionEndIncluding": "1.6.18",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B9AFF67-3EE5-4C7A-8344-B5CEEA140B80",
"versionEndExcluding": "2.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C8C556F-51B7-492B-B9DD-FFCF2C47AC8A",
"versionEndExcluding": "1.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD170C7-36AF-4316-8E69-8B8C2794DF76",
"versionEndExcluding": "2.7.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF59DB1B-A958-42D3-BE68-71FA5CB32EF4",
"versionEndExcluding": "3.6.2",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C30CB38D-C799-4CA8-AB51-8A8A1DEEA1E9",
"versionEndExcluding": "2.8.7",
"versionStartIncluding": "2.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Puppet Enterprise 2.8 anterior a 2.8.7, Puppet anterior a 2.7.26 y 3.x anterior a 3.6.2, Facter 1.6.x y 2.x anterior a 2.0.2, Hiera anterior a 1.3.4, y Mcollective anterior a 2.5.2 o anteriores, permite a usuarios locales ganar privilegios ubicando un troyano en el directorio actual a trav\u00e9s de un troyano en un archivo, se demostr\u00f3 usando (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, o (6) safe_yaml/deep.so; o (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, o (10) osfamily.so en puppet/confine."
}
],
"id": "CVE-2014-3248",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-16T17:59:03.113",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description"
],
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "http://secunia.com/advisories/59197"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "http://secunia.com/advisories/59200"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description"
],
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "http://secunia.com/advisories/59197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "http://secunia.com/advisories/59200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68035"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-17"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-0175 (GCVE-0-2014-0175)
Vulnerability from cvelistv5 – Published: 2019-12-13 12:40 – Updated: 2024-08-06 09:05
VLAI?
Summary
mcollective has a default password set at install
Severity ?
No CVSS data available.
CWE
- password set at install
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mcollective | mcollective |
Affected:
2.6.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-0175"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0175"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mcollective",
"vendor": "mcollective",
"versions": [
{
"status": "affected",
"version": "2.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mcollective has a default password set at install"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "password set at install",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T12:40:38",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-0175"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0175"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0175",
"datePublished": "2019-12-13T12:40:38",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:39.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2788 (GCVE-0-2016-2788)
Vulnerability from cvelistv5 – Published: 2017-02-13 18:00 – Updated: 2024-08-05 23:32
VLAI?
Summary
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:21.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/cve-2016-2788"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-13T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/cve-2016-2788"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/cve-2016-2788",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2016-2788"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2788",
"datePublished": "2017-02-13T18:00:00",
"dateReserved": "2016-02-29T00:00:00",
"dateUpdated": "2024-08-05T23:32:21.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3248 (GCVE-0-2014-3248)
Vulnerability from cvelistv5 – Published: 2014-11-16 17:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:57.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
},
{
"name": "59197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59197"
},
{
"name": "59200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59200"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"name": "68035",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-16T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
},
{
"name": "59197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59197"
},
{
"name": "59200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59200"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"name": "68035",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68035"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://puppetlabs.com/security/cve/cve-2014-3248",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
},
{
"name": "59197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59197"
},
{
"name": "59200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59200"
},
{
"name": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"refsource": "MISC",
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"name": "68035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68035"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3248",
"datePublished": "2014-11-16T17:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:35:57.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0175 (GCVE-0-2014-0175)
Vulnerability from nvd – Published: 2019-12-13 12:40 – Updated: 2024-08-06 09:05
VLAI?
Summary
mcollective has a default password set at install
Severity ?
No CVSS data available.
CWE
- password set at install
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mcollective | mcollective |
Affected:
2.6.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-0175"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0175"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mcollective",
"vendor": "mcollective",
"versions": [
{
"status": "affected",
"version": "2.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mcollective has a default password set at install"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "password set at install",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T12:40:38",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-0175"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0175"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0175",
"datePublished": "2019-12-13T12:40:38",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:39.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2788 (GCVE-0-2016-2788)
Vulnerability from nvd – Published: 2017-02-13 18:00 – Updated: 2024-08-05 23:32
VLAI?
Summary
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:21.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/cve-2016-2788"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-13T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/cve-2016-2788"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/cve-2016-2788",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2016-2788"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2788",
"datePublished": "2017-02-13T18:00:00",
"dateReserved": "2016-02-29T00:00:00",
"dateUpdated": "2024-08-05T23:32:21.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3248 (GCVE-0-2014-3248)
Vulnerability from nvd – Published: 2014-11-16 17:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:57.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
},
{
"name": "59197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59197"
},
{
"name": "59200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59200"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"name": "68035",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-16T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
},
{
"name": "59197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59197"
},
{
"name": "59200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59200"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"name": "68035",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68035"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://puppetlabs.com/security/cve/cve-2014-3248",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
},
{
"name": "59197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59197"
},
{
"name": "59200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59200"
},
{
"name": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"refsource": "MISC",
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"name": "68035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68035"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3248",
"datePublished": "2014-11-16T17:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:35:57.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}