{ "CVE_data_meta" : { "ASSIGNER" : "security@puppet.com", "DATE_PUBLIC" : "2017-06-30T00:00:00", "ID" : "CVE-2017-2298", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "mcollective", "version" : { "version_data" : [ { "version_value" : "< 0.5.1" } ] } } ] }, "vendor_name" : "Puppet" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string \"_pub.pem\"." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "missing input sanitization" } ] } ] }, "references" : { "reference_data" : [ { "name" : "https://github.com/puppetlabs/mcollective-sshkey-security/blob/0.5.1/CHANGELOG.md", "refsource" : "CONFIRM", "url" : "https://github.com/puppetlabs/mcollective-sshkey-security/blob/0.5.1/CHANGELOG.md" }, { "name" : "https://github.com/puppetlabs/mcollective-sshkey-security/commit/3388a3109f4fb1c69fa8505e991bf59ca20d19a2", "refsource" : "CONFIRM", "url" : "https://github.com/puppetlabs/mcollective-sshkey-security/commit/3388a3109f4fb1c69fa8505e991bf59ca20d19a2" }, { "name" : "https://puppet.com/security/cve/cve-2017-2298", "refsource" : "CONFIRM", "url" : "https://puppet.com/security/cve/cve-2017-2298" } ] } }