Vulnerabilities (CVE)

Filtered by vendor Puppet Subscribe
Filtered by product Mcollective-sshkey-security
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-2298 1 Puppet 1 Mcollective-sshkey-security 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "_pub.pem".