// For flags

CVE-2017-2293

 

Severity Score

4.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy.

Las versiones de Puppet Enterprise anteriores a 2016.4.5 o 2017.2.1 fueron publicadas con una configuración de MCollective que permitía que el plugin package instale o elimine paquetes arbitrarios en todos los agentes que gestiona. Esta publicación añade la configuración por defecto para no permitir estas acciones. Los clientes que confíen en esta funcionalidad pueden cambiar esta política.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-12-01 CVE Reserved
  • 2018-02-01 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Puppet
Search vendor "Puppet"
Puppet Enterprise
Search vendor "Puppet" for product "Puppet Enterprise"
< 2016.4.5
Search vendor "Puppet" for product "Puppet Enterprise" and version " < 2016.4.5"
-
Affected
Puppet
Search vendor "Puppet"
Puppet Enterprise
Search vendor "Puppet" for product "Puppet Enterprise"
2016.5.1
Search vendor "Puppet" for product "Puppet Enterprise" and version "2016.5.1"
-
Affected
Puppet
Search vendor "Puppet"
Puppet Enterprise
Search vendor "Puppet" for product "Puppet Enterprise"
2016.5.2
Search vendor "Puppet" for product "Puppet Enterprise" and version "2016.5.2"
-
Affected
Puppet
Search vendor "Puppet"
Puppet Enterprise
Search vendor "Puppet" for product "Puppet Enterprise"
2017.1.0
Search vendor "Puppet" for product "Puppet Enterprise" and version "2017.1.0"
-
Affected
Puppet
Search vendor "Puppet"
Puppet Enterprise
Search vendor "Puppet" for product "Puppet Enterprise"
2017.1.1
Search vendor "Puppet" for product "Puppet Enterprise" and version "2017.1.1"
-
Affected