CVE-2018-6508

CVE-2018-6508

EPSS 1.9%

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.

Produtos afetados

Puppet · Puppet Enterprise Puppet · puppetlabs/apache Puppet · puppetlabs/apt Puppet · puppetlabs/facter_task Puppet · puppetlabs/mysql Puppet · puppetlabs/puppet_conf

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://puppet.com/security/cve/CVE-2018-6508 http://www.securityfocus.com/bid/103020