{"containers": {"cna": {"affected": [{"product": "mcollective, Puppet, Puppet Enterprise", "vendor": "Puppet", "versions": [{"status": "affected", "version": "Puppet Enterprise prior to 2016.4.5, Puppet Enterprise 2016.5.x, Puppet Enterprise 2017.1.x, Puppet Agent prior to 1.10.1"}]}], "datePublic": "2017-05-11T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior."}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution Via YAML Deserialization", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-05T09:57:01.000Z", "orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "shortName": "puppet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://puppet.com/security/cve/cve-2017-2292"}, {"name": "GLSA-201709-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201709-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@puppet.com", "DATE_PUBLIC": "2017-05-11T00:00:00", "ID": "CVE-2017-2292", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "mcollective, Puppet, Puppet Enterprise", "version": {"version_data": [{"version_value": "Puppet Enterprise prior to 2016.4.5, Puppet Enterprise 2016.5.x, Puppet Enterprise 2017.1.x, Puppet Agent prior to 1.10.1"}]}}]}, "vendor_name": "Puppet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Code Execution Via YAML Deserialization"}]}]}, "references": {"reference_data": [{"name": "https://puppet.com/security/cve/cve-2017-2292", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2017-2292"}, {"name": "GLSA-201709-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T13:48:05.275Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://puppet.com/security/cve/cve-2017-2292"}, {"name": "GLSA-201709-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201709-01"}]}]}, "cveMetadata": {"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "assignerShortName": "puppet", "cveId": "CVE-2017-2292", "datePublished": "2017-06-30T20:00:00.000Z", "dateReserved": "2016-12-01T00:00:00.000Z", "dateUpdated": "2024-09-16T23:52:02.685Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:mcollective:*:*:*:*:*:puppet:*:*", "matchCriteriaId": "AE3E7458-2D53-48ED-8FBC-E304CCEC4B06", "versionEndIncluding": "2.10.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior."}, {"lang": "es", "value": "YAML deserializado de las versiones anteriores a 2.10.4 de MCollective de agentes sin llamar a safe_load, permite la potencial ejecuci\u00f3n de c\u00f3digo arbitraria en el servidor. La soluci\u00f3n para esto es llamar a YAML.safe_load en la entrada. Esto ha sido probado en todos los plugins de MCollective suministrados por Puppet, pero se presenta la posibilidad de que los plugins de terceros puedan confiar en este comportamiento no seguro."}], "id": "CVE-2017-2292", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-30T20:29:00.170", "references": [{"source": "security@puppet.com", "tags": ["Vendor Advisory"], "url": "https://puppet.com/security/cve/cve-2017-2292"}, {"source": "security@puppet.com", "url": "https://security.gentoo.org/glsa/201709-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://puppet.com/security/cve/cve-2017-2292"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201709-01"}], "sourceIdentifier": "security@puppet.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "mcollective: RCE via YAML deserialization", "id": "1470086", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470086"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-502", "details": ["Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior."], "name": "CVE-2017-2292", "package_state": [{"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "ruby193-mcollective", "product_name": "Red Hat OpenShift Enterprise 2"}], "public_date": "2017-05-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-2292\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2292\nhttps://puppet.com/security/cve/cve-2017-2292"], "threat_severity": "Important"}

{}