Search
Find a vulnerability
Search criteria
2 vulnerabilities found for puppetlabs/facter_task by Puppet
CVE-2018-6508 (GCVE-0-2018-6508)
Vulnerability from nvd – Published: 2018-02-09 20:00 – Updated: 2024-09-17 01:55
VLAI
Summary
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.
Severity
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://puppet.com/security/cve/CVE-2018-6508 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/103020 | vdb-entryx_refsource_BID |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Puppet | Puppet Enterprise |
Affected:
2017.3.x prior to 2017.3.4
|
|
| Puppet | puppetlabs/facter_task |
Affected:
prior to 0.1.5
|
|
| Puppet | puppetlabs/puppet_conf |
Affected:
prior to 0.1.5
|
|
| Puppet | puppetlabs/apt |
Affected:
prior to 4.5.1
|
|
| Puppet | puppetlabs/mysql |
Affected:
prior to 5.2.1
|
|
| Puppet | puppetlabs/apache |
Affected:
prior to 2.3.1
|
Date Public
2018-02-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/CVE-2018-6508"
},
{
"name": "103020",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Puppet Enterprise",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "2017.3.x prior to 2017.3.4"
}
]
},
{
"product": "puppetlabs/facter_task",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "prior to 0.1.5"
}
]
},
{
"product": "puppetlabs/puppet_conf",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "prior to 0.1.5"
}
]
},
{
"product": "puppetlabs/apt",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "prior to 4.5.1"
}
]
},
{
"product": "puppetlabs/mysql",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "prior to 5.2.1"
}
]
},
{
"product": "puppetlabs/apache",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "prior to 2.3.1"
}
]
}
],
"datePublic": "2018-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T10:57:01.000Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/CVE-2018-6508"
},
{
"name": "103020",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"DATE_PUBLIC": "2018-02-05T00:00:00",
"ID": "CVE-2018-6508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Puppet Enterprise",
"version": {
"version_data": [
{
"version_value": "2017.3.x prior to 2017.3.4"
}
]
}
},
{
"product_name": "puppetlabs/facter_task",
"version": {
"version_data": [
{
"version_value": "prior to 0.1.5"
}
]
}
},
{
"product_name": "puppetlabs/puppet_conf",
"version": {
"version_data": [
{
"version_value": "prior to 0.1.5"
}
]
}
},
{
"product_name": "puppetlabs/apt",
"version": {
"version_data": [
{
"version_value": "prior to 4.5.1"
}
]
}
},
{
"product_name": "puppetlabs/mysql",
"version": {
"version_data": [
{
"version_value": "prior to 5.2.1"
}
]
}
},
{
"product_name": "puppetlabs/apache",
"version": {
"version_data": [
{
"version_value": "prior to 2.3.1"
}
]
}
}
]
},
"vendor_name": "Puppet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2018-6508",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/CVE-2018-6508"
},
{
"name": "103020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2018-6508",
"datePublished": "2018-02-09T20:00:00.000Z",
"dateReserved": "2018-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:55:41.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6508 (GCVE-0-2018-6508)
Vulnerability from cvelistv5 – Published: 2018-02-09 20:00 – Updated: 2024-09-17 01:55
VLAI
Summary
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.
Severity
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://puppet.com/security/cve/CVE-2018-6508 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/103020 | vdb-entryx_refsource_BID |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Puppet | Puppet Enterprise |
Affected:
2017.3.x prior to 2017.3.4
|
|
| Puppet | puppetlabs/facter_task |
Affected:
prior to 0.1.5
|
|
| Puppet | puppetlabs/puppet_conf |
Affected:
prior to 0.1.5
|
|
| Puppet | puppetlabs/apt |
Affected:
prior to 4.5.1
|
|
| Puppet | puppetlabs/mysql |
Affected:
prior to 5.2.1
|
|
| Puppet | puppetlabs/apache |
Affected:
prior to 2.3.1
|
Date Public
2018-02-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/CVE-2018-6508"
},
{
"name": "103020",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Puppet Enterprise",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "2017.3.x prior to 2017.3.4"
}
]
},
{
"product": "puppetlabs/facter_task",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "prior to 0.1.5"
}
]
},
{
"product": "puppetlabs/puppet_conf",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "prior to 0.1.5"
}
]
},
{
"product": "puppetlabs/apt",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "prior to 4.5.1"
}
]
},
{
"product": "puppetlabs/mysql",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "prior to 5.2.1"
}
]
},
{
"product": "puppetlabs/apache",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "prior to 2.3.1"
}
]
}
],
"datePublic": "2018-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T10:57:01.000Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/CVE-2018-6508"
},
{
"name": "103020",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"DATE_PUBLIC": "2018-02-05T00:00:00",
"ID": "CVE-2018-6508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Puppet Enterprise",
"version": {
"version_data": [
{
"version_value": "2017.3.x prior to 2017.3.4"
}
]
}
},
{
"product_name": "puppetlabs/facter_task",
"version": {
"version_data": [
{
"version_value": "prior to 0.1.5"
}
]
}
},
{
"product_name": "puppetlabs/puppet_conf",
"version": {
"version_data": [
{
"version_value": "prior to 0.1.5"
}
]
}
},
{
"product_name": "puppetlabs/apt",
"version": {
"version_data": [
{
"version_value": "prior to 4.5.1"
}
]
}
},
{
"product_name": "puppetlabs/mysql",
"version": {
"version_data": [
{
"version_value": "prior to 5.2.1"
}
]
}
},
{
"product_name": "puppetlabs/apache",
"version": {
"version_data": [
{
"version_value": "prior to 2.3.1"
}
]
}
}
]
},
"vendor_name": "Puppet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2018-6508",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/CVE-2018-6508"
},
{
"name": "103020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2018-6508",
"datePublished": "2018-02-09T20:00:00.000Z",
"dateReserved": "2018-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:55:41.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}