📦

marionette_collective

Vendor: puppet

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 1 Remote Access

Total CVEs 21 Total Indexed

Avg. EPSS 0.84% Exploit Prob.

Latest CVE CVE-2014-0175 Dec 13

Security Vulnerability Index

Page 1 / 3

9.8 CVSS

CVE-2014-0175

mcollective has a default password set at install

EPSS: 0.48%

Severity: CRITICAL

Dec 13, 2019

9.8 CVSS

CVE-2016-2788

RCE

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

EPSS: 1.96%

Severity: CRITICAL

Feb 13, 2017

6.2 CVSS

CVE-2014-3248

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.

EPSS: 0.07%

Severity: MEDIUM

Nov 16, 2014

Displaying 3 of 21 Total Entries

1 2 3

Total 3 Sections