Overview

CVE-2018-6510 - XSS Vulnerability in Puppet Enterprise Console

  • Posted May 1, 2018

  • Assessed Risk Level: Medium

  • CVSS 3 Base Score: 5.4

Previous versions of Puppet Enterprise 2017.3 were vulnerable to a XSS attack when special crafted query was sent to the Orchestrator.

Status:

Affected software versions:

  • Puppet Enterprise 2017.3.x prior to 2017.3.6

Resolved in:

  • Puppet Enterprise 2017.3.6