Overview

CVE-2018-6512 - Pre-install Vulnerability in Razor-Server

  • Posted June 7, 2018

  • Assessed Risk Level: Medium

  • CVSS 3 Base Score: 6.1

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server.

Status:

Affected software versions:

  • Puppet Enterprise 2018.1.x prior to 2018.1.1
  • razor-server and pe-razor-server prior to 1.9.0.0

Resolved in:

  • Puppet Enterprise 2018.1.1
  • razor-server and pe-razor-server 1.9.0.0