CVE-2018-6515
published 2018-06-11CVE-2018-6515: Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted…
high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet | — | — |
| puppet | puppet | >= 1.10.0 < 1.10.13 | 1.10.13 |
| puppet | puppet | >= 5.3.0 < 5.3.7 | 5.3.7 |
| puppet | puppet | >= 5.5.0 < 5.5.2 | 5.5.2 |
| puppet | puppet_agent | — | — |