Your submission was sent successfully! Close

CVE-2018-6508

Published: 9 February 2018

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.

Priority

Medium

CVSS 3 base score: 8.0

Status

Package Release Status
puppet-module-puppetlabs-apache
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Needs triage

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist
(trusty was needs-triage)
upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)
puppet-module-puppetlabs-apt
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Needs triage

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist
(trusty was needs-triage)
upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)
puppet-module-puppetlabs-mysql
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Needs triage

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist
(trusty was needs-triage)
upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)