- Posted February 5, 2018
- Assessed Risk Level: High
- CVSS 3 Base Score: 9.0
Previous versions of Puppet Enterprise 2017.3 were vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks.
Status:
Affected software versions:
- Puppet Enterprise 2017.3.x prior to 2017.3.4
- Puppetlabs/facter_task puppet module prior to 0.1.5
- Puppetlabs/puppet_conf puppet module prior to 0.1.5
- Puppetlabs/apt puppet module prior to 4.5.1
- Puppetlabs/mysql puppet module prior to 5.2.1
- Puppetlabs/apache puppet module prior to 2.3.1
Resolved in:
- Puppet Enterprise 2017.3.4
- Puppetlabs/facter_task puppet module 0.1.5
- Puppetlabs/puppet_conf puppet module 0.1.5
- Puppetlabs/apt puppet module 4.5.1
- Puppetlabs/mysql puppet module 5.2.1
- Puppetlabs/apache puppet module 2.3.1