← volver
CVE-2017-2295

CVE-2017-2295

EPSS 2.4%
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 2.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
05 jul 2017Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML.
Productos afectados
Puppet · Puppet server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://puppet.com/security/cve/cve-2017-2295http://www.debian.org/security/2017/dsa-3862http://www.securityfocus.com/bid/98582