PT-2017-15330 · Puppet · Mcollective-Puppet-Agent

Published

2017-03-03

Updated

2021-09-09

CVE-2017-2290

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions mcollective-puppet-agent version 1.12.0

Description A security issue allows a non-administrator user to create an executable that will be executed with administrator privileges on the next "mco puppet" run. This issue does not affect Puppet Enterprise users.

Recommendations For mcollective-puppet-agent version 1.12.0, update to version 1.12.1 to resolve the issue.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2017-2290

Affected Products

Mcollective-Puppet-Agent

PT-2017-15330 · Puppet · Mcollective-Puppet-Agent

CVE-2017-2290

Weakness Enumeration

Related Identifiers

Affected Products

References · 4