Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Puppet Enterprise MCollective服务器安全漏洞
Vulnerability Description
Puppet是美国Puppet实验室的一套基于客户端/服务器(C/S)架构的配置管理工具,它可用于管理配置文件、用户、cron任务、软件包、系统服务等。Puppet Enterprise是一个企业版。MCollective Server是其中的一个MCollective服务器。 Puppet Enterprise 2016.4.5之前版本和2017.2.1之前版本中的MCollective服务器存在安全漏洞。攻击者可利用该漏洞安装或删除代理上的任意包。
CVSS Information
N/A
Vulnerability Type
N/A