CVE-2018-6515

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-6515

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6515.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-6515

Published

2018-06-11T20:29:00.360Z

Modified

2026-04-10T04:11:06.155507Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.

References

https://puppet.com/security/cve/CVE-2018-6515

Affected packages

Git / github.com/puppetlabs/puppet

Affected ranges

Type

GIT

Repo

https://github.com/puppetlabs/puppet

Events

Introduced

384311c359e43ac56cbb937fca9aba82068fd2d6

Fixed

7d7fb2e8559571a2da4b6a597c41c0e71a20be78

Introduced

ceec9d2b6ab716cf90c2f8f4384632ebd1afc338

Fixed

e6b2d096b681ce8da25388e8a26362dca555f3a8

Database specific

{
    "versions": [
        {
            "introduced": "5.3.0"
        },
        {
            "fixed": "5.3.7"
        },
        {
            "introduced": "5.5.0"
        },
        {
            "fixed": "5.5.2"
        }
    ]
}

Type

GIT

Repo

https://github.com/puppetlabs/puppet-agent

Events

Introduced

bc91a33c60c94e793a6cf5e69795b10db5d49ead

Fixed

7d562b4006028400529d9186d44d0b959ead4628

Database specific

{
    "versions": [
        {
            "introduced": "1.10.0"
        },
        {
            "fixed": "1.10.13"
        }
    ]
}

Affected versions

5.*

5.3.0

5.3.1

5.3.3

5.3.4

5.3.5

5.3.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6515.json"