Unrated severityNVD Advisory· Published Feb 9, 2018· Updated Sep 17, 2024

CVE-2018-6508

Description

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.

Affected products

Puppet (software)/Puppet Enterprisellm-fuzzy2 versions
<2017.3.3+ 1 more
- (no CPE)range: <2017.3.3
- (no CPE)range: 2017.3.x prior to 2017.3.4
Puppet (software)/Puppetlabs Apachecpe-rescue2 versions
prior to 2.3.1+ 1 more
- (no CPE)range: prior to 2.3.1
- (no CPE)range: prior to 4.5.1
Puppet/puppetlabs/facter_taskv5
Range: prior to 0.1.5
Puppet (software)/Puppetlabs Mysqlcpe-rescue
Range: prior to 5.2.1
Puppet/puppetlabs/puppet_confv5
Range: prior to 0.1.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/103020mitrevdb-entryx_refsource_BID
puppet.com/security/cve/CVE-2018-6508mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000