Vulnerabilities > Puppet > Marionette Collective
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-13 | CVE-2014-0175 | Use of Hard-coded Credentials vulnerability in multiple products mcollective has a default password set at install | 9.8 |
| 2017-02-13 | CVE-2016-2788 | Improper Access Control vulnerability in Puppet Marionette Collective and Puppet Enterprise MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. | 9.8 |