Описание
Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 4.10.4-2ubuntu1 |
| devel | not-affected | |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | not-affected | code not present |
| precise/esm | DNE | |
| trusty | not-affected | code not present |
| trusty/esm | not-affected | code not present |
| upstream | released | 4.7.0-1 |
| xenial | not-affected | code not present |
| zesty | ignored | end of life |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
Versions of Puppet Agent prior to 1.6.0 included a version of the Pupp ...
Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3