CVE-2018-6508

CVE-2018-6508

EPSS 1.9%

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.

Productos afectados

Puppet · Puppet Enterprise Puppet · puppetlabs/apache Puppet · puppetlabs/apt Puppet · puppetlabs/facter_task Puppet · puppetlabs/mysql Puppet · puppetlabs/puppet_conf

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://puppet.com/security/cve/CVE-2018-6508 http://www.securityfocus.com/bid/103020