Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-6508

Опубликовано: 05 фев. 2018
Источник: redhat
CVSS3: 9

Описание

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenStack Platform 10 (Newton)puppet-apacheNot affected
Red Hat OpenStack Platform 10 (Newton)puppet-mysqlNot affected
Red Hat OpenStack Platform 11 (Ocata)puppet-apacheNot affected
Red Hat OpenStack Platform 11 (Ocata)puppet-mysqlNot affected
Red Hat OpenStack Platform 12 (Pike)puppet-apacheNot affected
Red Hat OpenStack Platform 12 (Pike)puppet-mysqlNot affected
Red Hat OpenStack Platform 13 (Queens)puppet-apacheAffected
Red Hat OpenStack Platform 13 (Queens)puppet-mysqlAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-78
https://bugzilla.redhat.com/show_bug.cgi?id=1542831puppet: Unparameterized input in multiple modules can allow a remote user to execute arbitrary code

9 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-6508

CVSS3: 8
ubuntu
почти 8 лет назад

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.

nvd логотип

CVE-2018-6508

CVSS3: 8
nvd
почти 8 лет назад

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.

debian логотип

CVE-2018-6508

CVSS3: 8
debian
почти 8 лет назад

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remot ...

github логотип

GHSA-j433-wpfx-cxg3

CVSS3: 8
github
больше 3 лет назад

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.

9 Critical

CVSS3