📦

mcollective

Vendor: puppetlabs

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 0 Code Available
Total RCEs 0 Remote Access
Total CVEs 3 Total Indexed
Avg. EPSS 0.03% Exploit Prob.
Latest CVE CVE-2014-3251 Aug 12

Security Vulnerability Index

Page 1 / 1
4.4 CVSS
CVE-2014-3251

The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.

EPSS: 0.03%