Puppetlabs Mcollective-puppet-agent 1.11.0 option Execute Code Vulnerability
The original article can be found at: http://www.securityfocus.com/bid/92432
* Puppetlabs Mcollective-puppet-agent 1.11.0
Puppet Enterprise previously included a puppet-agent MCollective plugin that allowed you to pass the `–server` argument to MCollective. This insecure argument enabled remote code execution via connection to an untrusted host. The puppet-agent MCollective version included in PE 2016.2.1, this option is disabled by default.
Publish Date : 2017-01-30
Last Update Date : 2017-02-24