CVE-2016-2788

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-2788
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2788.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-2788
Downstream
Published
2017-02-13T18:59:00.457Z
Modified
2026-03-12T22:16:22.288177Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

References

Affected packages

Git / github.com/puppetlabs/marionette-collective

Affected ranges

Type
GIT
Repo
https://github.com/puppetlabs/marionette-collective
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
07cb2f2eacd9c14c063a781e9febc09db566938a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d3c6dcee6ebfdea75546d895bcea3dc319bd93ef
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
39b56d206e8866a4af2046ab20fb412442f044c0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
10e8aab117ea714a9544b66415bf40dc5297f3be
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
69e4d3024d6ed178dfc18030c4f42092121ed91d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
88373f7be33a83ca8d2833525914836966ed24e1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e9f5657f07bb878a87463f7344dd9b949a53c170
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4b42f1b98199f52578f21c73dc27400651119bf3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a28c1afe18b619c05e18c98b68007e4327fd425c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1d427e2632abe360f8a7f41d8ccc6628a2c43e48
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.8"
        }
    ]
}

Affected versions

0.*
0.4.10
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
1.*
1.0.0
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.2.0
1.3.0
1.3.1
1.3.2
1.3.3
2.*
2.0.0
2.1.0
2.1.1
2.2.0
2.3.0
2.3.1
2.3.2
2.3.3
2.4.0
2.4.0-rc1
2.4.0-rc2
2.4.1
2.5.0
2.5.0-rc1
2.5.1
2.5.2
2.5.3
2.6.0
2.6.1
2.7.0

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "3.8.0"
            },
            {
                "fixed": "3.8.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "2016.2.0"
            },
            {
                "fixed": "2016.2.1"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2788.json"