📦

mcollective-sshkey-security

Vendor: puppet

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 0 Code Available
Total RCEs 0 Remote Access
Total CVEs 17 Total Indexed
Avg. EPSS 0.27% Exploit Prob.
Latest CVE CVE-2017-2298 Jun 30

Security Vulnerability Index

Page 1 / 2
6.5 CVSS
CVE-2017-2298

The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "_pub.pem".

EPSS: 0.27%