A number of cases of unescaped client data used in shell commands were fixed in bcfg2. The SSHbase plugin has been confirmed as being exploitable, which would allow a remote attacker to execute arbitrary code on the bcfg2 server if the SSHbase plugin were enabled and the attacker had control of a bcfg2 client machine.
Fixes in the 1.2 pre-release series and a backport to the 1.1 series are available.
Created bcfg2 tracking bugs for this issue
Affects: fedora-all [bug 735238]
Affects: epel-all [bug 735239]
*** This bug has been marked as a duplicate of bug 736279 ***
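
The bug class named in the description (client-supplied data interpolated into a shell command), shown beside a hardened form. This is an added example, not bcfg2's code and not part of the bug report; the key directory, the function names and the `ssh-keygen` invocation are assumptions chosen for illustration.

```python
import os
import re
import shlex

KEY_DIR = "/srv/keys"  # hypothetical key directory (assumption)
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")  # dot-separated DNS labels

CONSTRUCTED_BAD = "web01.example.com;echo constructed"  # constructed sample input


def unsafe_command(client_name):
    """Vulnerable pattern: client data interpolated into a shell string."""
    return "ssh-keygen -q -t rsa -N '' -f %s/%s" % (KEY_DIR, client_name)


def shell_tokens(cmdline):
    """Tokenize roughly as a POSIX shell would, keeping operators separate."""
    return list(shlex.shlex(cmdline, posix=True, punctuation_chars=True))


def has_shell_operator(cmdline):
    """Heuristic: True if any token starts with a shell control character."""
    return any(tok and tok[0] in "();<>|&" for tok in shell_tokens(cmdline))


def safe_argv(client_name):
    """Hardened pattern: validate the name, then build an argv list meant for
    subprocess.run(argv, shell=False), so no shell ever parses the name."""
    if len(client_name) > 253 or not HOSTNAME_RE.fullmatch(client_name):
        raise ValueError("rejected client name: %r" % client_name)
    return ["ssh-keygen", "-q", "-t", "rsa", "-N", "",
            "-f", os.path.join(KEY_DIR, client_name)]


def quoted_command(client_name):
    """Fallback when a shell string is unavoidable: quote the whole argument."""
    return "ssh-keygen -q -t rsa -N '' -f " + shlex.quote(
        os.path.join(KEY_DIR, client_name))


if __name__ == "__main__":
    # Nothing is executed here; the commands are only built and tokenized.
    print(shell_tokens(unsafe_command(CONSTRUCTED_BAD)))
    print(shell_tokens(quoted_command(CONSTRUCTED_BAD)))
    print(safe_argv("web01.example.com"))
```

Validation and the argv form are complementary: the allow-list rejects names that could never be legitimate hostnames, and passing a list with `shell=False` removes the shell parser from the path entirely.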