0.001 Low
EPSS
Percentile
27.2%
puppet gem is vulnerable to privilege escalation. It does not prevent the loading of DLL modules from the directories created by any authenticated users on Windows, thereby allowing the user to load attacker-controlled DLL modules.
groups.google.com/forum/#!topic/puppet-announce/ZVtzNPUrKhY
puppet.com/docs/puppet/5.5/release_notes_agent.html
puppet.com/security/cve/CVE-2018-6514