CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-6508

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 75.4%

CVSS Severity

CVSS v3 Score 8.0

CVSS v2 Score 6.0

References

http://www.securityfocus.com/bid/103020
https://puppet.com/security/cve/CVE-2018-6508
http://www.securityfocus.com/bid/103020
https://puppet.com/security/cve/CVE-2018-6508

Products affected by CVE-2018-6508

Puppet » Puppet Enterprise » Version: 2017.3.0

cpe:2.3:a:puppet:puppet_enterprise:2017.3.0
Puppet » Puppet Enterprise » Version: 2017.3.1

cpe:2.3:a:puppet:puppet_enterprise:2017.3.1
Puppet » Puppet Enterprise » Version: 2017.3.2

cpe:2.3:a:puppet:puppet_enterprise:2017.3.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-6508

Products

Pricing

Contact Us