{
  "id": "CVE-2017-2292",
  "sourceIdentifier": "security@puppet.com",
  "published": "2017-06-30T20:29:00.170",
  "lastModified": "2017-09-06T01:29:01.733",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior."
    },
    {
      "lang": "es",
      "value": "YAML deserializado de las versiones anteriores a 2.10.4 de MCollective de agentes sin llamar a safe_load, permite la potencial ejecuci\u00f3n de c\u00f3digo arbitraria en el servidor. La soluci\u00f3n para esto es llamar a YAML.safe_load en la entrada. Esto ha sido probado en todos los plugins de MCollective suministrados por Puppet, pero se presenta la posibilidad de que los plugins de terceros puedan confiar en este comportamiento no seguro."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "LOW",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:puppet:mcollective:*:*:*:*:*:puppet:*:*",
              "versionEndIncluding": "2.10.3",
              "matchCriteriaId": "AE3E7458-2D53-48ED-8FBC-E304CCEC4B06"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://puppet.com/security/cve/cve-2017-2292",
      "source": "security@puppet.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://security.gentoo.org/glsa/201709-01",
      "source": "security@puppet.com"
    }
  ]
}