Vulnerability Details CVE-2018-6512
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-6512
-
cpe:2.3:a:puppet:pe-razor-server:*
-
cpe:2.3:a:puppet:puppet_enterprise:2018.1.0
-
cpe:2.3:a:puppet:razor-server:0.14.0
-
cpe:2.3:a:puppet:razor-server:0.14.1
-
cpe:2.3:a:puppet:razor-server:0.15.0
-
cpe:2.3:a:puppet:razor-server:0.16.0
-
cpe:2.3:a:puppet:razor-server:0.16.1
-
cpe:2.3:a:puppet:razor-server:1.0.0
-
cpe:2.3:a:puppet:razor-server:1.0.1
-
cpe:2.3:a:puppet:razor-server:1.1.0
-
cpe:2.3:a:puppet:razor-server:1.2.0
-
cpe:2.3:a:puppet:razor-server:1.3.0
-
cpe:2.3:a:puppet:razor-server:1.4.0
-
cpe:2.3:a:puppet:razor-server:1.5.0
-
cpe:2.3:a:puppet:razor-server:1.6.0
-
cpe:2.3:a:puppet:razor-server:1.6.1
-
cpe:2.3:a:puppet:razor-server:1.7.0
-
cpe:2.3:a:puppet:razor-server:1.7.1
-
cpe:2.3:a:puppet:razor-server:1.8.0
-
cpe:2.3:a:puppet:razor-server:1.8.1
-
cpe:2.3:a:puppet:razor-server:1.9.0