-
Posted June 7, 2018
-
Assessed Risk Level: High
-
CVSS 3 Base Score: 8.8
On Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.
Status:
Affected software versions:
- Puppet Agent 1.10.x prior to 1.10.13
- Puppet Agent 5.3.x prior to 5.3.7
- Puppet Agent 5.5.x prior to 5.5.2
Resolved in:
- Puppet Agent 1.10.13
- Puppet Agent 5.3.7
- Puppet Agent 5.5.2