Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2017-2298

UNKNOWN
Published 2017-06-30T20:00:00Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-2298. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "_pub.pem".

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Puppet

mcollective

Affected Versions:

< 0.5.1

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-3wcp-fjfh-pw9r

Advisory Details

The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "_pub.pem".

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-2298
WEB https://github.com/puppetlabs/mcollective-sshkey-security/commit/3388a3109f4fb1c69fa8505e991bf59ca20d19a2
WEB https://github.com/puppetlabs/mcollective-sshkey-security/blob/0.5.1/CHANGELOG.md
WEB https://puppet.com/security/cve/cve-2017-2298

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: May 13, 2022

References

https://github.com/puppetlabs/mcollective-sshkey-security/blob/0.5.1/CHANGELOG.md
https://puppet.com/security/cve/cve-2017-2298
https://github.com/puppetlabs/mcollective-sshkey-security/commit/3388a3109f4fb1c69fa8505e991bf59ca20d19a2
Published: 2017-06-30T20:00:00Z
Last Modified: 2024-09-16T18:08:33.665Z
Copied to clipboard!