CVE-2018-6508

Name of the Vulnerable Software and Affected Versions Puppet Enterprise versions prior to 2017.3.3

Description The issue is related to a remote execution bug that occurs when a specially crafted string is passed into the facter task or puppet conf tasks. This bug only affects tasks in the affected modules. If puppet tasks are not being used, the system is not affected by this issue.

Recommendations For versions prior to 2017.3.3, update to version 2017.3.3 or later to resolve the issue. As a temporary workaround, consider disabling the use of facter task and puppet conf tasks until a patch is applied. Restrict access to tasks in affected modules to minimize the risk of exploitation.