Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-2292

Опубликовано: 30 июн. 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.5
CVSS3: 9

Описание

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior.

РелизСтатусПримечание
artful

ignored

end of life
bionic

ignored

end of standard support, was needed
cosmic

not-affected

2.12.1+dfsg-1
devel

DNE

disco

not-affected

2.12.1+dfsg-1
eoan

not-affected

2.12.1+dfsg-1
esm-apps/bionic

needed

esm-apps/focal

not-affected

2.12.1+dfsg-1
esm-apps/jammy

not-affected

2.12.1+dfsg-1
esm-apps/noble

not-affected

2.12.1+dfsg-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 83%
0.01932
Низкий

7.5 High

CVSS2

9 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-2292

CVSS3: 8.1
redhat
больше 8 лет назад

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior.

nvd логотип

CVE-2017-2292

CVSS3: 9
nvd
больше 8 лет назад

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior.

debian логотип

CVE-2017-2292

CVSS3: 9
debian
больше 8 лет назад

Versions of MCollective prior to 2.10.4 deserialized YAML from agents ...

github логотип

GHSA-9hgj-f7f3-cph7

CVSS3: 9
github
больше 3 лет назад

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior.

EPSS

Процентиль: 83%
0.01932
Низкий

7.5 High

CVSS2

9 Critical

CVSS3