CVE-2018-6508 - Remote code execution in Puppet Enterprise Tasks

Puppet Enterprise 2017.3.x versions prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string is passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules; if you are not using Puppet tasks, you are not affected by this vulnerability.

  • Posted February 5, 2018
  • Assessed Risk Level: High
  • CVSS 3 Base Score: 9.0

Previous versions of Puppet Enterprise 2017.3 were vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks.

Status:

Affected software versions:

  • Puppet Enterprise 2017.3.x prior to 2017.3.4
  • Puppetlabs/facter_task puppet module prior to 0.1.5
  • Puppetlabs/puppet_conf puppet module prior to 0.1.5
  • Puppetlabs/apt puppet module prior to 4.5.1
  • Puppetlabs/mysql puppet module prior to 5.2.1
  • Puppetlabs/apache puppet module prior to 2.3.1

Resolved in:

  • Puppet Enterprise 2017.3.4
  • Puppetlabs/facter_task puppet module 0.1.5
  • Puppetlabs/puppet_conf puppet module 0.1.5
  • Puppetlabs/apt puppet module 4.5.1
  • Puppetlabs/mysql puppet module 5.2.1
  • Puppetlabs/apache puppet module 2.3.1
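
To check a node or master against the module versions listed above, the following added example (not code from Puppet or from this advisory) parses `puppet module list` output and reports modules older than their fixed release. The tree-style output format and the sample text are assumptions constructed for illustration; the fixed versions come from the "Resolved in" list.

```ruby
require 'rubygems' # Gem::Version gives correct dotted-version comparison

# Fixed versions copied from the "Resolved in" list of this advisory.
FIXED = {
  'puppetlabs-facter_task' => '0.1.5',
  'puppetlabs-puppet_conf' => '0.1.5',
  'puppetlabs-apt'         => '4.5.1',
  'puppetlabs-mysql'       => '5.2.1',
  'puppetlabs-apache'      => '2.3.1'
}.transform_values { |v| Gem::Version.new(v) }.freeze

# Matches "puppetlabs-apache (v2.3.0)" or "puppetlabs/apache (2.3.0)" in a line.
MODULE_LINE = %r{\b([a-z0-9]+)[-/]([a-z0-9_]+)\s+\(v?([0-9][^)\s]*)\)}i

# Constructed sample of `puppet module list` output (not taken from a real host).
SAMPLE = <<~OUT
  /etc/puppetlabs/code/environments/production/modules
  ├── puppetlabs-apache (v2.3.0)
  ├── puppetlabs-apt (v4.5.1)
  ├── puppetlabs-facter_task (v0.1.4)
  ├── puppetlabs-mysql (v5.3.0)
  └── puppetlabs-stdlib (v4.24.0)
OUT

# Returns [[name, version], ...] for every module line found in the text.
def parse_module_list(text)
  text.each_line.map do |line|
    m = MODULE_LINE.match(line)
    m && ["#{m[1]}-#{m[2]}".downcase, m[3]]
  end.compact
end

# Returns one hash per installed module that is older than its fixed release.
def vulnerable_modules(text)
  parse_module_list(text).each_with_object([]) do |(name, version), hits|
    fixed = FIXED[name]
    next unless fixed && Gem::Version.correct?(version)
    next unless Gem::Version.new(version) < fixed
    hits << { name: name, installed: version, fixed: fixed.to_s }
  end
end

# With a file argument, check saved output; otherwise run on the sample above.
text = ARGV[0] && File.file?(ARGV[0]) ? File.read(ARGV[0]) : SAMPLE
vulnerable_modules(text).each do |h|
  puts "#{h[:name]} #{h[:installed]} is affected; upgrade to #{h[:fixed]} or later"
end
```

Save the output of `puppet module list` for each environment to a file and pass the path as the first argument to check real installations.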
