CVE-2018-6515

Summary

Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.

Affected Software

VendorProductVersion RangeStatus
PuppetPuppet AgentPuppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2affected

Weaknesses

  • Arbitrary Code Execution

ADP Enrichment

CVE Program Container

Additional References

References