3 matches found
CVE-2018-6508
CVE-2018-6508 affects Puppet Enterprise 2017.3.x before 2017.3.3. It is a remote code execution vulnerability caused by accepting a specially crafted string in the facter_task or puppet_conf tasks. The issue only impacts the affected tasks/modules; if puppet tasks are not used, you may not be aff...
CVE-2018-6513
The vulnerability CVE-2018-6513 affects Puppet Enterprise and Puppet Agent: unprivileged Windows agents can write custom facts due to loading shared libraries from untrusted paths, enabling privilege escalation on the next puppet run. Affected: Puppet Enterprise 2016.4.x before 2016.4.12, 2017.3....
CVE-2018-11749
CVE-2018-11749 affects Puppet Enterprise when startTLS with RBAC LDAP is configured; at login time, user credentials are sent in plaintext to the LDAP server. Affected PE versions: 2018.1.3, 2017.3.9, and 2016.4.14. Fixes are available in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. Seve...