CVSS 3 Base Score: Posted On: June 25, 2018Assessed Risk Level: High A vulnerability was discovered in FFI that could result in privilege escalation and arbitrary code execution on Windows. This vulnerability has been resolved in Puppet Agent 1.10.13, 5.3.7 and 5.5.2. Puppet Enterprise 2016.4.13, 2017.3.8 and 2018.1.2 include versions of Puppet Agent that have had this vulnerability resolved. This vulnerability only affects Puppet Agent running on Windows. For more information about the vulnerability, refer to the vulnerability writeup. This vulnerability was initially reported to us by Matt Bush at The Missing Link Security. Status:Affected software versions:Puppet agent 1.x prior to 1.10.13Puppet agent 4.xPuppet agent 5.x prior to 5.3.7Puppet agent 5.4.xPuppet agent 5.5.x prior to 5.5.2Resolved in:Puppet agent 1.10.13Puppet agent 5.3.7Puppet agent 5.5.2Puppet Enterprise 2016.4.13Puppet Enterprise 2017.3.8Puppet Enterprise 2018.1.2← Back to CVE Listings
