A vulnerability was found in puppet-agent MCollective plugin. It previously allowed you to pass the '--server' argument to MCollective. This insecure argument enabled remote code execution via connection to an untrusted host. External References: https://puppet.com/security/cve/cve-2015-7331