Vulnerability in Puppet Enterprise
CVE-2018-6508
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if y…
EPSS: 0.009 (76.1th percentile) — read the EPSS interpretation.
Affected products
- Puppet Enterprise — versions 2017.3.x prior to 2017.3.4
- Puppet Puppetlabs/apache — versions prior to 2.3.1
- Puppet Puppetlabs/apt — versions prior to 4.5.1
- Puppet Puppetlabs/facter_task — versions prior to 0.1.5
- Puppet Puppetlabs/mysql — versions prior to 5.2.1
- Puppet Puppetlabs/puppet_conf — versions prior to 0.1.5
References
- puppet.com/security/cve/CVE-2018-6508 (x_refsource_CONFIRM)
- 103020 (vdb-entry, x_refsource_BID)