| Release | Version |
|---|---|
| jessie | 2.6.0+dfsg-2.1 |
| buster | 2.12.1+dfsg-1 |
| bullseye | 2.12.5+dfsg-1 |
| bookworm | 2.12.5+dfsg-1.1 |
| Bug | jessie | buster | bullseye | bookworm | Description |
|---|---|---|---|---|---|
| CVE-2017-2292 | vulnerable (no DSA) | fixed | fixed | fixed | Versions of MCollective prior to 2.10.4 deserialized YAML from agents ... |
| CVE-2016-2788 | vulnerable (no DSA) | fixed | fixed | fixed | MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise ... |
| Bug | jessie | buster | bullseye | bookworm | Description |
|---|---|---|---|---|---|
| CVE-2014-0175 | vulnerable | vulnerable | vulnerable | vulnerable | mcollective has a default password set at install |
| Bug | Description |
|---|---|
| CVE-2014-3251 | The MCollective aes_security plugin, as used in Puppet Enterprise befo ... |
| CVE-2014-3248 | Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2. ... |
| CVE-2014-0164 | openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise ... |