CVE-2018-6513
HIGH
Puppet Agent 1.10.0-1.10.12 and Puppet Enterprise 2016.4.0-2016.4.11 - Untrusted Search Path
Title source: llm
Description
Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. This was possible through the loading of shared libraries from untrusted paths.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://puppet.com/security/cve/CVE-2018-6513
Scores
CVSS v3
8.8
EPSS
0.0112
EPSS Percentile
61.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-426
Status
published
Products (2)
puppet/puppet
1.10.0 - 1.10.13
puppet/puppet_enterprise
2016.4.0 - 2016.4.12
Published
Jun 11, 2018
Tracked Since
Feb 18, 2026