CVE-2018-6515 - pxp-agent Attempts to Configure OpenSSL from Uncontrolled Location

  • Posted June 7, 2018

  • Assessed Risk Level: High

  • CVSS 3 Base Score: 8.8

On Windows only, an attacker could use a specially crafted configuration file to get pxp-agent to load arbitrary code, leading to privilege escalation.


Affected software versions:

  • Puppet Agent 1.10.x prior to 1.10.13
  • Puppet Agent 5.3.x prior to 5.3.7
  • Puppet Agent 5.5.x prior to 5.5.2

Resolved in:

  • Puppet Agent 1.10.13
  • Puppet Agent 5.3.7
  • Puppet Agent 5.5.2
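
An added example (not Puppet's code) for triaging an agent inventory against the version lists above: it compares versions numerically, since a plain string comparison would misorder releases such as 1.10.9 and 1.10.13. The function names and inventory rows are constructed for illustration.

```python
import re

# Affected branches mapped to their first fixed release, from the lists above.
FIXED = {(1, 10): (1, 10, 13), (5, 3): (5, 3, 7), (5, 5): (5, 5, 2)}


def parse_version(text):
    """Parse 'X.Y.Z' (ignoring any trailing build suffix) into a tuple of ints."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())


def triage(os_family, agent_version):
    """Return 'affected', 'fixed', 'not-applicable' or 'not-listed' for one host."""
    if os_family.lower() != "windows":
        return "not-applicable"  # the advisory applies to Windows only
    version = parse_version(agent_version)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-listed"  # branch is not named by this advisory
    return "affected" if version < fixed else "fixed"


def affected_hosts(inventory):
    """List (host, first fixed release) for every affected inventory row."""
    result = []
    for host, os_family, agent_version in inventory:
        if triage(os_family, agent_version) == "affected":
            fixed = FIXED[parse_version(agent_version)[:2]]
            result.append((host, ".".join(str(n) for n in fixed)))
    return result


# Constructed inventory rows (host, OS family, agent version), not real data.
INVENTORY = [
    ("win-01", "Windows", "1.10.9"),
    ("win-02", "Windows", "5.3.10"),
    ("win-03", "Windows", "5.5.1"),
    ("lin-01", "Linux", "5.3.2"),
    ("win-04", "Windows", "5.4.0"),
]

if __name__ == "__main__":
    for host, upgrade_to in affected_hosts(INVENTORY):
        print(f"{host}: upgrade Puppet Agent to {upgrade_to} or later")
```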