Privilege Escalation

Affecting puppet gem, versions <5.3.7 || >=5.4.0, <5.5.2

high severity

Overview

puppet is a server automation framework and application.

Affected versions of this package are vulnerable to DLL preloading attacks which could lead to a privilege escalation.

Remediation

Upgrade puppet to versions 5.3.7, 5.5.2 or higher.
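
To check a project against the affected range above, the following added example (not part of the advisory or of Puppet) scans the resolved specs in a `Gemfile.lock`. The lockfile content is constructed, and `puppet_affected?` and `puppet_findings` are hypothetical helper names. Platform suffixes such as `-x64-mingw32` are split off before the version is compared.

```ruby
require "rubygems"

# Affected ranges as stated in the advisory: <5.3.7 || >=5.4.0, <5.5.2
AFFECTED = [
  Gem::Requirement.new("< 5.3.7"),
  Gem::Requirement.new(">= 5.4.0", "< 5.5.2"),
].freeze

# True when a puppet version string falls inside an affected range.
def puppet_affected?(version)
  v = Gem::Version.new(version)
  AFFECTED.any? { |req| req.satisfied_by?(v) }
end

# Returns [version, platform, affected] for each resolved puppet entry.
# Resolved specs sit at exactly four spaces of indentation; dependency
# constraints (six spaces) and other gems such as puppet-lint are skipped.
def puppet_findings(lockfile_text)
  lockfile_text.each_line.map do |line|
    m = line.match(/\A {4}puppet \((\d+(?:\.\w+)*)(?:-([\w.-]+))?\)\s*\z/)
    next unless m
    [m[1], m[2] || "ruby", puppet_affected?(m[1])]
  end.compact
end

# Constructed sample lockfile, for illustration only.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      facter (2.5.1)
      puppet (5.3.5)
        facter (> 2.0.1, < 4)
      puppet (5.5.1-x64-mingw32)
      puppet-lint (2.3.6)
LOCK

if __FILE__ == $0
  puppet_findings(SAMPLE_LOCK).each do |version, platform, affected|
    status = affected ? "AFFECTED, upgrade to 5.3.7, 5.5.2 or higher" : "ok"
    puts "puppet #{version} (#{platform}): #{status}"
  end
end
```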


Credit: Unknown
CVE: CVE-2018-6514
CWE: CWE-264
Snyk ID: SNYK-RUBY-PUPPET-22029
Disclosed: 07 Jun, 2018
Published: 17 Jun, 2018