FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

puppet-agent MCollective plugin -- Remote Code Execution vulnerability

Affected packages
mcollective-puppet-agent < 1.11.1


VuXML ID df502a2f-61f6-11e6-a461-643150d3111d
Discovery 2016-08-09
Entry 2016-08-15

Puppet reports:

Puppet Enterprise previously included a puppet-agent MCollective plugin that allowed you to pass the `--server` argument to MCollective. This insecure argument enabled remote code execution via connection to an untrusted host. The puppet-agent MCollective version included in PE 2016.2.1, this option is disabled by default.


CVE Name CVE-2015-7331