CVE-2018-6512
https://notcve.org/view.php?id=CVE-2018-6512
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0. • https://puppet.com/security/cve/CVE-2018-6512 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2018-6515
https://notcve.org/view.php?id=CVE-2018-6515
In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, on Windows only, an attacker could use a specially crafted configuration file to get pxp-agent to load arbitrary code with privilege escalation. • https://puppet.com/security/cve/CVE-2018-6515 • CWE-20: Improper Input Validation
CVE-2018-6514
https://notcve.org/view.php?id=CVE-2018-6514
In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation. • https://puppet.com/security/cve/CVE-2018-6514 • CWE-426: Untrusted Search Path
CVE-2018-6511 – XSS Vulnerability in Puppet Enterprise Console
https://notcve.org/view.php?id=CVE-2018-6511
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. • https://puppet.com/security/cve/CVE-2018-6511 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-6510 – XSS Vulnerability in Puppet Enterprise Console
https://notcve.org/view.php?id=CVE-2018-6510
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. • https://puppet.com/security/cve/CVE-2018-6510 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')