CVE-2018-6508

State: PUBLISHED · Published: 2018-02-09 · Updated: 2024-09-17 · Assigner: puppet

Description

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.

CWE

(none)

Affected

Puppet / Puppet Enterprise — v=2017.3.x prior to 2017.3.4 [affected]
Puppet / puppetlabs/facter_task — v=prior to 0.1.5 [affected]
Puppet / puppetlabs/puppet_conf — v=prior to 0.1.5 [affected]
Puppet / puppetlabs/apt — v=prior to 4.5.1 [affected]
Puppet / puppetlabs/mysql — v=prior to 5.2.1 [affected]
Puppet / puppetlabs/apache — v=prior to 2.3.1 [affected]

CVSS

(none)

References

https://puppet.com/security/cve/CVE-2018-6508 x_refsource_CONFIRM
http://www.securityfocus.com/bid/103020 vdb-entry, x_refsource_BID

Source

cvelistV5-main/cves/2018/6xxx/CVE-2018-6508.json