Skip to main content

Marionette Collective

2 CVEs product

Monthly

CVE-2016-2788 CRITICAL Act Now

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Marionette Collective Puppet Enterprise
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2014-3248 Ruby MEDIUM POC PATCH This Month

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before. Rated medium severity (CVSS 6.2). Public exploit code available.

Information Disclosure Facter Marionette Collective Hiera Puppet +1
NVD
CVSS 2.0
6.2
EPSS
0.1%
EPSS 2% CVSS 9.8
CRITICAL Act Now

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Marionette Collective +1
NVD
EPSS 0% CVSS 6.2
MEDIUM POC PATCH This Month

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before. Rated medium severity (CVSS 6.2). Public exploit code available.

Information Disclosure Facter Marionette Collective +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy