CVE-2018-6510
published 2018-05-08CVE-2018-6510: A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet | — | — |
| puppet | puppet_enterprise | < 2017.3.6 | 2017.3.6 |
| puppet | puppet_enterprise | >= 2017.3.x < 2017.3.6 | 2017.3.6 |