{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2017-2293","title":"Title"},{"category":"description","text":"Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2017-2293","url":"https://www.suse.com/security/cve/CVE-2017-2293"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1078984 for CVE-2017-2293","url":"https://bugzilla.suse.com/1078984"}],"title":"SUSE CVE CVE-2017-2293","tracking":{"current_release_date":"2025-02-18T08:00:55Z","generator":{"date":"2023-02-15T04:53:04Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2017-2293","initial_release_date":"2023-02-15T04:53:04Z","revision_history":[{"date":"2023-02-15T04:53:04Z","number":"2","summary":"Current version"},{"date":"2025-01-01T09:20:07Z","number":"3","summary":"Current version"},{"date":"2025-02-18T08:00:55Z","number":"4","summary":"Current version"}],"status":"interim","version":"4"}}}