Puppet Enterprise < 2017.3.4 Code Execution Vulnerability
Medium Nessus Plugin ID 129758
SynopsisA web application running on the remote host is affected by a code execution vulnerability.
DescriptionAccording to its self-reported version number, the Puppet install running on the remote host is version 5.5.x prior to 2017.3.4. It is, therefore, affected by multiple vulnerabilities:
- a remote code execution vulnerability due to incorrect validation of strings in the facter_task or puppet_conf tasks. An unauthenticated remote attacker can exploit this issue to send a specially crafted string into the affected tasks to remotely execute code. (CVE-2018-6508)
- an information disclosure vulnerability exists. An unauthenticated remote attacker can exploit this issue to retrieve a facts from an environment it was not classified to retrieve from. (CVE-2017-10690)
SolutionUpgrade to Puppet Enterprise version 2016.4.12 / 2017.3.7 / 2018.1.1 or later.