Overview

CVE-2018-6515 - pxp-agent attempts to configure OpenSSL from uncontrolled location

  • Posted June 7, 2018

  • Assessed Risk Level: High

  • CVSS 3 Base Score: 8.8

On Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.

Status:

Affected software versions:

  • Puppet Agent 1.10.x prior to 1.10.13
  • Puppet Agent 5.3.x prior to 5.3.7
  • Puppet Agent 5.5.x prior to 5.5.2

Resolved in:

  • Puppet Agent 1.10.13
  • Puppet Agent 5.3.7
  • Puppet Agent 5.5.2