Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Puppet Enterprise和MCollective Mcollective aes_security插件安全漏洞
Vulnerability Description
Puppet是美国Puppet实验室的一套基于客户端/服务器(C/S)架构的配置管理工具。MCollective是一个构建服务器编排(Server Orchestration)和并行工作执行系统的框架。 Puppet Enterprise 3.3.0之前版本和Mcollective 2.5.3之前版本中使用的MCollective aes_security插件中存在竞争条件漏洞,该漏洞源于程序正确验证基于CA认证的新服务器证书。本地攻击者可利用该漏洞建立未授权的Mcollective连接。
CVSS Information
N/A
Vulnerability Type
N/A