Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-2788

Опубликовано: 09 авг. 2016
Источник: redhat
CVSS3: 6.1
CVSS2: 4.9
EPSS Низкий

Описание

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

Отчет

This issue affects Red Hat Enterprise OpenShift 2. Red Hat Product Security has rated this issue as having Moderate security impact. A futur e update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Enterprise 2ruby193-mcollectiveWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1365799mcollective: Improper validation of fields in MCollective pings

EPSS

Процентиль: 83%
0.01957
Низкий

6.1 Medium

CVSS3

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-2788

CVSS3: 9.8
ubuntu
почти 9 лет назад

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

nvd логотип

CVE-2016-2788

CVSS3: 9.8
nvd
почти 9 лет назад

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

debian логотип

CVE-2016-2788

CVSS3: 9.8
debian
почти 9 лет назад

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise ...

github логотип

GHSA-v3fx-f8x7-f9vf

CVSS3: 9.8
github
больше 3 лет назад

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

EPSS

Процентиль: 83%
0.01957
Низкий

6.1 Medium

CVSS3

4.9 Medium

CVSS2