Puppet security advisories
2 threat alerts tracking vulnerabilities and security advisories that affect Puppet products.
Vulnios monitors Puppet CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent Puppet security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2017-2292 — puppet — mcollective
Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.saf
critical CVE-2017-2292
Critical Vulnerability: CVE-2016-2788 — puppet — marionette_collective, puppet_enterprise
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
critical CVE-2016-2788