CVE-2015-7331

MEDIUM

Puppetlabs Mcollective-puppet-agent < 1.11.0 - Security Feature Bypass

Title source: rule

Description

The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92432

[Vendor Advisory] https://puppet.com/security/cve/cve-2015-7331

Scores

CVSS v3 6.6

EPSS 0.0039

EPSS Percentile 59.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

Classification

CWE

CWE-254

Status published

Affected Products (2)

puppetlabs/mcollective-puppet-agent < 1.11.0

n/a/n/a

Timeline

Published Jan 30, 2017

Tracked Since Feb 18, 2026