puppet-agent MCollective plugin -- Remote Code Execution vulnerability
Puppet Enterprise previously included a puppet-agent MCollective plugin that allowed you to pass the `--server` argument to MCollective. This insecure argument enabled remote code execution via connection to an untrusted host. The puppet-agent MCollective version included in PE 2016.2.1, this option is disabled by default.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright